SIMATIC Fault-tolerant systems S7-400H

Basics and terminology of fault-tolerant communication

Basics and terminology of fault-tolerant communication

Overview
Increased demands on the availability of an overall system require increased reliability of the
communication systems, which means implementing redundant communication.
Below you will find an overview of the fundamentals and basic concepts which you ought to
know with regard to using fault-tolerant communications.

Redundant communication system

The availability of the communication system can be enhanced by duplicating component units
and all bus components, or by using a fiber-optic ring.
On failure of a component, the various monitoring and synchronization mechanisms ensure
that the communication functions are taken over by the reserve components during operation.
A redundant communication system is essential if you want to use fault-tolerant S7
connections.

Fault-tolerant communication
Fault-tolerant communication is the deployment of S7 communication SFBs over fault-tolerant
S7 connections.
Fault-tolerant S7 connections need a redundant communication system.

Redundancy nodes
Redundancy nodes represent extreme reliability of communication between two fault-tolerant
systems. A system with multi-channel components is represented by redundancy nodes.
Redundancy nodes are independent when the failure of a component within the node does not
result in any reliability impairment in other nodes.
Even with fault-tolerant communication, only single errors/faults can be tolerated. If more than
one error occurs between communication endpoints, communication can no longer be
guaranteed.

Connection (S7 connection)

A connection represents the logical assignment of two communication peers for executing a
communication service. Every connection has two end points containing the information
required for addressing the communication peer as well as other attributes for establishing the
connection.
An S7 connection is the communication link between two standard CPUs or from a standard
CPU to a CPU in a fault-tolerant system.
In contrast to a fault-tolerant S7 connection, which contains at least two partial connections,
an S7 connection actually consists of just one connection. If that connection fails,
communication is terminated.

This document constitutes a free excerpt compiled by the user himself/herself from the documentation provided by Siemens for this product. Siemens disclaims
all liability for the completeness of this document. It shall only be used for the user's own internal purposes. It shall not be passed on to third parties. The complete
documentation can be found at:
/dokumentation/default.aspx?DocVersionId=70978678923&Language=en-US&TopicId=36684919179
12/17/2015

SIMATIC Fault-tolerant systems S7-400H

Basics and terminology of fault-tolerant communication

Figure 1

Example of an S7 connection

Note
Generally speaking, "connection" in this manual means a "configured S7 connection". For other
types of connection, please refer to the SIMATIC NET NCM S7 for PROFIBUS and SIMATIC
NET NCM S7 for Industrial Ethernet manuals.

Fault-tolerant S7 connections
The requirement for higher availability with communication components (for example CPs and
buses) means that redundant communication connections are necessary between the systems
involved.
Unlike an S7 connection, a fault-tolerant S7 connection consists of at least two underlying
subconnections. From the user program, configuration and connection diagnostics
perspective, the fault-tolerant S7 connection with its underlying subconnections is represented
by exactly one ID (just like a standard S7 connection). Depending on the configuration, it can
consist of up to four subconnections, of which two are always established (active) to maintain
communication in the event of an error. The number of subconnections depends on the possible
alternative paths (see figure below) and is determined automatically. Within an S7-H
connection, only subconnections over CP or over the integrated CPU interface are used in the
configuration.
The following examples and the possible configurations in STEP 7 are based on a maximum
of two subnets and a maximum of 4 CPs in the redundant fault-tolerant system. Configurations
with a higher number of CPs or networks are not supported in STEP 7.

This document constitutes a free excerpt compiled by the user himself/herself from the documentation provided by Siemens for this product. Siemens disclaims
all liability for the completeness of this document. It shall only be used for the user's own internal purposes. It shall not be passed on to third parties. The complete
documentation can be found at:
/dokumentation/default.aspx?DocVersionId=70978678923&Language=en-US&TopicId=36684919179
12/17/2015

SIMATIC Fault-tolerant systems S7-400H

Basics and terminology of fault-tolerant communication

Figure 2

Example that shows that the number of resulting partial connections depends on the
configuration

If the active subconnection fails, the already established second subconnection automatically
takes over communication.

Resource requirements of fault-tolerant S7 connections

The fault-tolerant CPU supports operation of 62/46 (see the technical specifications) faulttolerant S7 connections. Each connection needs a connection resource on the CPU;
subconnections do not need any additional connection resources. On the CP, on the other
hand, each subconnection needs a connection resource.

This document constitutes a free excerpt compiled by the user himself/herself from the documentation provided by Siemens for this product. Siemens disclaims
all liability for the completeness of this document. It shall only be used for the user's own internal purposes. It shall not be passed on to third parties. The complete
documentation can be found at:
/dokumentation/default.aspx?DocVersionId=70978678923&Language=en-US&TopicId=36684919179
12/17/2015

SIMATIC Fault-tolerant systems S7-400H

Basics and terminology of fault-tolerant communication

Note
If you have configured several fault-tolerant S7 connections for a fault-tolerant station,
establishing them may take a considerable time. If the configured maximum communication
delay is set too short, link-up and updating is canceled and the redundant system mode is no
longer reached (see section Time monitoring).
Each CPU provides the connection resources according to its configuration, which means that
a CPU 417-5H that was configured as CPU 412-5H only provides the connection resources of
a CPU 412-5H.

This document constitutes a free excerpt compiled by the user himself/herself from the documentation provided by Siemens for this product. Siemens disclaims
all liability for the completeness of this document. It shall only be used for the user's own internal purposes. It shall not be passed on to third parties. The complete
documentation can be found at:
/dokumentation/default.aspx?DocVersionId=70978678923&Language=en-US&TopicId=36684919179
12/17/2015