GE 90-70 Fault Detection

GFK-1527A 5-1

Fault Detection

This chapter describes how faults are handled in a Redundancy system.

Configuration of Fault Actions

Fault Detection

Fault Response

Faulting RCMs, Losing Links, and Terminating Communications

Fault Actions in a CPU Redundancy System

Online Repair

Configuration of Fault Actions

Whenever the system is synchronized with a backup unit available, the decision as to which faults

are FATAL and therefore will cause a switch to the backup CPU are made by the operating system

and are not configurable. However, you can configure whether or not a standalone CPU (after

failure of the other CPU) will stop if another fault occurs.

You can select the fault actions (either diagnostic or fatal) for when a given CPU is operating

without a backup available. This will allow you to choose between fault tolerant operation and a

safety system where a shutdown is preferred. For Control programming software users, refer to the

Control Online Help for information on how to select fault actions.

For Logicmaster 90-70 users, fault actions can be viewed and changed during CPU configuration

by pressing Fault Category (F5), which will display the Fault Category Configuration screen. To

change a fault category, cursor to the category to be changed in the CFG ( l eft) column. Use the Tab

key to toggle the entry (D/F) for th e fault action. After completing th e changes, press the Enter key

to save your chan ges.

Setting fault actions to diagnostic for faults that are fatal in the synchronized case allows for the

possibility that a less healthy unit could remain the active unit even after a more healthy backup

unit is placed in Run mode. For example, if you were to configure "Loss of or Missing Rack"

failures as diagnostic, the following scenario could occur:

1.If an expansion rack fails when the units are synchronized, the unit with the rack failure will

transition to STOP/FAULT mode and the other unit will become a stand-alone unit.

5

Chapter

Contents

Main Warnings, Cautions, and Notes as Used in this Publication Warning Caution Note Preface Content of This Manual Related Publications Preface Contents Page Page Page Introduction Definition of Terms Enhanced Hot Standby CPU Redundancy Features of Enhanced Hot Standby CPU Redundancy Using the Redundancy CPU for Non-Redundant Op eration Compatibility with CPU780 Redundancy CPUs as Compared to Other Series 90-70 CPUs Features not Available with Redundancy CPUs Differences in Operation for Redundancy CPU s Components of the Enhanced Hot Standby Redundancy System Enhanced Redundancy CPU Module Redundancy Communications Module Redundant Racks I/O Systems for Enhanced Hot Standby CPU R edundancy Genius I/O Local I/O Cable Connections GFK-1527A Chapter 1 Introduction 1-7 Enhanced Hot Standby CPU Redundancy Syst em with Local I/O TERMINATED I/O CABLE --- * Secondary Unit Primary Unit Control Strategies GHS Control Strategy GDB Control Strategy Basic Enhanced Hot Standby Operation Output Control with GHS Output Control with GDB Basic CPU Redundancy Setups Single Bus with Prefer red Master: GHS Contro l Strategy Single Bus with Floating Master: GDB Control Strategy Dual Bus with Floating Master: GDB Control Strategy Duplex CPU Redundancy Online Programming On-Line Repair System Components For Installation Instru ctions System Racks Redundancy CPU Features CPU Architecture Expansion Memory Board Watchdog Timer CPU Features Memory Protect Keyswitch CPU LEDs OK: The OK LED is ON when the CPU is functioning properly. The RUN: This LED is ON when the CPU is in the RUN/ENABLE or RUN/DISABLE mode. It is CPU Mode Switch Run/Outputs Enabled Mode Run/Outputs Disabled Mode Stop Mode Port 1 Redundancy Communications Module Unit Select Pushbutton Connector RCM Status LEDS Board OK: Local System Ready Local System Active Bus Transmitter Module Bus Transmitter Module S tatus LEDs Bus Receiver Module Cables and Termination Bus Receiver Module St atus LEDs Board OK: The top LED is ON when the CPU completes its power-up configuration of Last Rack: The middle LED is ON when the terminator plug is installed in the bottom Genius Bus Controller Location of GBCs and Blocks Single Bus Genius Networks Dual Bus Genius Networks Bus Controller LEDs Module OK: The top LED is ON when the board has CH 1 OK: The CH 1 OK LED is ON after the board has Configuration Requirements Programmer Connection for Configuration One Application Program in Both PLCs Program Folders in Control Programming Software Program Folders in Logic master 90 CPU Configuration Parameters Configuring Shared I/O References Finding the Memory Available for Application Program Storage System Communications Win d ow Con siderations Configuring the Redundancy CPU for Non-redundant Operation Rack Module Configuration Parameters Bus Controller Configuration Parameters Genius I/O Block Configuration Parameters Normal Operation Powerup of a Redundant CPU Incompatible Configurations Resynchronization of a Redundant CPU GHS Control Strategy GDB Control Strategy %S References for CPU Redundancy OVR_PRE %S Reference Not Available Scan Synchronization Input Data and Synchronization Data Transfer to the Backup Unit Sweep Time Synchronization GFK-1527A Chapter 4 Normal Operation 4-7 Output Data Transfer to the Backup Unit DATA DATA Data Transfer Time Fail Wait Time Page Programming a Data Transfer from Backup Unit to Active Unit Data Transfer Example Disabling Data Transfer Copy in Backup Unit (SVCREQ #43) Warning Command Block for SVCREQ #43 Backup Qualification w ith SVCREQ #43 Validating the Backup PL C's Input Scan Validating the Backup PLC's Logic Solution Switching Control to the Backup Unit Switching Times Commanding a Role Switch from the Appli cation Program (SVCREQ #26) RUN Disabled Mode RUN Disabled Mode for GHS Control Strategy Example 1: Role switches allowed on both unit s 4-16 Series 90-70 Enhanced Hot Standby CPU Redundancy User's Guide May 2000 GFK-1527A Example 2: Role switches allowed on both unit s The Secondary unit drives the out puts in this example. Example 3: Role switches not a llowed on either unit Example 4: Role switches allowed on both unit s Example 5: Role switches allowed on both units Seco ndary Unit Active Example 6: Role switches not a llowed on either unit, Secondar y Unit Active Example 7: Role switches allowed on both unit s, Secondary Unit Active Example 8: Invalid RUN Disabled Mode for GDB Control Strategy Background User Checksum and Background Window Timing Instructions Finding the Words to Checksum Each Sweep Finding the Background Window Time Finding the Total Sweep Time Miscellaneous Operation Information Timer and PID Function Blocks Timed Contacts Multiple I/O Scan Sets C Debugger STOP to RUN Mode Transition Background Window Time Sequential Function Chart Programming (SFC) Genius Bus Controller Switching Ethernet Global Data in a Redundancy CPU Ethernet Global Data Consumption Ethernet Global Data Production SNTP Timestamping Fault Detection Configuration of Fault Actions Fault Detection PLC Fault Table Messages for Redundancy Page Fault Response Faulting RCMs, Losing Links, a nd Terminating Communications Faulting the Redundancy Communications Modu le Losing a Link Fault Actions in a CPU Redundancy System Configurable Faults * GFK-1527A Chapter 5 Fault Detection 5-9 Non-Configurable Fault Group The table below shows the non-configurable faults and their fault action defaults. Fault Actions Fault Group Table Type Description Not Synchronized Synchronized Fatal Faults on Both Units in the Same Sweep On-Line Repair Maintaining Parallel Bus Termi nation On-Line Repair Recommendation s Power Supply Caution Racks Central Processor Unit Redundancy Communications Module and Cables Redundancy Communications Link Failures Bus Transmitter Module Genius Bus Controller Genius Bus Single Bus Networks Bus faults Dual Bus Networks Genius Blocks Cabling Information Appendix A IC690CBL714A Multi-drop Cable Purpose Specifications A Figure A-1. Multi-Drop Cable Connection Diagram Page Index % A B C E F G H I N O P R S T U V W