4 |
Incompatible Configurations
When two units have incompatible configurations stored (for example, both units configured for PRIMARY or differing blocks for data transfer), then only one of the units can go to RUN mode. If the other unit attempts to go to RUN mode or both units attempt to go to RUN mode at the same time, a FATAL incompatible configuration fault will be logged.
If one unit is configured for CPU Redundancy and the other has no configuration, then both units may go to RUN mode at the same time but they will not be synchronized and only the unit that has been configured will drive outputs.
Resynchronization of a Redundant CPU
When a CPU attempts to get back in synchronization with the currently active CPU, resynchronization occurs. Resynchronization occurs any time a CPU transitions from STOP to RUN mode. The process starts by determining which role each CPU is to play, based on configured control strategy and PRIMARY/SECONDARY configuration as shown in the table below.
Control Strategy
Behavior during Resynchronization
GHS
GDB
The Primary Unit (with Serial Bus Address 31) is always preferred. A switch occurs from the Secondary Unit each time the Primary Unit resynchronizes. Until the resynchronization is complete, the Primary Unit acts as backup.
The Primary Unit switches to active just prior to logic execution. Outputs will be driven that sweep by the Primary Unit.
The active CPU remains active after resynchronization without regard to whether it is in the Primary or Secondary unit. The transitioning unit becomes the backup.
If both systems are transitioning at the same time, the Primary Unit becomes the active CPU and the Secondary Unit becomes the backup.
During resynchronization, the CPUs exchange information about roles and configuration. If the transitioning CPU detects that the role or configuration is not in agreement, that CPU is not permitted to go to RUN mode. If both CPUs are transitioning, neither CPU is permitted to go to RUN mode. The following items must be in agreement:
1.One CPU must be configured as Primary, the other as Secondary.
2.Both CPUs must be configured for the same control strategy (GHS or GDB).
3.Both CPUs must have the same Shared I/O redundancy points configured.
4.If point faults are enabled on one CPU, they must also be enabled on the other if %I, %Q, %AI, or %AQ data is transferred.
At this point, the active unit is the one that has been in control and the backup unit is the one that is resynchronizing. The transfer of all configured control data from the active unit to the backup occurs unless both units are transitioning at the same time (transfer always goes from the running unit to the resynching unit. In addition to the configured control data, the FST_SCN and FST_EXE %S references as well as internal timer information for each common (that is, present in both CPUs)
Chapter 4 Normal Operation |
