Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Plant SCADA

TABLE OF CONTENTS

Automatic Redundancy Switchover (Usurping)

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 12, 2021
  • 2 minute read

When either primary or standby I/O Server unit starts up, it establishes a connection with a configured peer unit if available. If the peer unit is active, the driver puts the local unit to inactive state and leaves the peer driver to communicate with the device.

Both units become active when communication is inoperable between the I/O Servers. The DNPR drivers exchange states when the communication is reestablished. As both units are active, the driver sets the standby I/O unit inactive and communication to the device continues via the primary unit.

Only the active unit sends DNP3 frames to the device and processes the frames received from the device.

A unit becomes active when:

  • There is no redundant unit. (It is not configured or disabled.)

  • The driver finds that its peer is deactivating or is in an inactive state.

  • The communication between the I/O Servers is lost. After the connection re-establishes, the standby unit sets to inactive.

  • Forcing it to be active by writing to one of the virtual unit control tags.

The automatic switchover (usurping) of units can also happen when the unit port is set offline. The driver reports "CHANNEL_OFFLINE": driver error 20 (0x14) and generic error 21 (0x15).

The port is set offline when:

  • The TCP/IP connection is closed or cannot be opened.

  • There is an error report from one of the low-level communication functions.

  • There is a request to disconnect the internal port. For example, an I/O Server shutdown, or scheduled use of I/O Server.

The lack of an RTU reply does not mean that a TCP/IP connection is dropped. For example, the removal of a cable at a router is unlikely to close a connection. The specific situation and redundancy control of a site is unique to the site.

That is why usurp control is available via driver tags. Users need to engineer the control (via Cicode) if the default driver handling does not match their needs. It is recommended to make the override usurp control available via an engineering screen to cover any unusual circumstances. An active server has its DNPr units usurped across to the other server before the server is shutdown.

Also, configure the field communication hardware to drop the connections if regular updates does not occur. It helps to ensure that the communications can be reinstated. When gateways are used, and availability of a RTU unit is hidden, then some active update counter should be used and Cicode added to check on count changes. That is, if counter is not incrementing then do X.

Related Links
TitleResults for “How to create a CRG?”Also Available in