CN101815009B - Hot backup synchronizing method supporting fault tolerance - Google Patents
Hot backup synchronizing method supporting fault tolerance Download PDFInfo
- Publication number
- CN101815009B CN101815009B CN2010101356829A CN201010135682A CN101815009B CN 101815009 B CN101815009 B CN 101815009B CN 2010101356829 A CN2010101356829 A CN 2010101356829A CN 201010135682 A CN201010135682 A CN 201010135682A CN 101815009 B CN101815009 B CN 101815009B
- Authority
- CN
- China
- Prior art keywords
- synchronizing signal
- generation equipment
- standby
- synchronizing
- count value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a hot backup synchronizing method supporting fault tolerance. The method is characterized by comprising the following steps: selecting an irrelevant hot backup synchronizing signal generating device, wherein main and standby synchronizing signal passages are physically separated; adopting a one-way synchronizing signal passage and making a signal passage between the synchronizing signal generating device and a synchronized device unidirectional from the generating device to the synchronized device, namely the synchronizing signal generating device is only provided with an output port of the passage and the synchronized device is only provided with an input port of the passage; and detecting errors and switching the synchronized device, so that the synchronized device is supported by a local clock, wherein the accuracy of the local clock is higher than that of a synchronizing signal error. The method has the advantages of enhancing the reliability of the system, improving the maintainability and immune competence of the system and enhancing the operability.
Description
Technical field
The present invention relates to a kind of autocontrol method, especially a kind of many device synchronization control technology, commonly used passing through increases irrelevant heat is equipped with mechanism that synchronizing signal puts to the vote to reach the fault-tolerant hot backup synchronizing method of support to the fault-tolerant purpose of synchronisation source signal in specifically a kind of track traffic equipment.
Background technology
As everyone knows, at automation field, a plurality of device synchronization work of some system requirements, and synchronous motor is shaped on very high reliability and maintainability requirement.Therefore develop and multiple synchronization mechanism: the individual signals source is synchronous, phase-locked step by step transmission signal Synchronization, and phase-locked heat is equipped with source of synchronising signal etc. mutually.But require strictness more for the control system that relates to personal safety, except above requirement, also require the fault-tolerance of high security and Single Point of Faliure.The signal source fault takes place in the synchronization mechanism of individual signals source will directly cause system's cisco unity malfunction; The mechanism of using the phase-locked step by step transmission synchronizing signal of daisy chain produces dependence between by synchronizer and has reduced reliabilty and availability; The heat that is mutually related is equipped with the synchronizing signal of synchronizing signal generation equipment can transmit common mode failure, has greatly reduced the error detecing capability of system.Therefore the independence that need try one's best of active and standby source of synchronising signal, but the phase difference of the synchronizing signal that independence is brought and be to need the problem that solves to active and standby source of synchronising signal fault fault-tolerant.
Summary of the invention
The objective of the invention is the low problem of error detecing capability at existing hot backup synchronizing method existence, a kind of fault-tolerant hot backup synchronizing method of supporting is provided, the mistake that the active and standby signal source that it can find to have nothing to do produces, and can continuous firing after single wrong the generation, have good fault-tolerance and availability, and irrelevant heat is equipped with synchronizing signal generation equipment and brings higher reliability and maintainability.
Technical scheme of the present invention is:
A kind ofly support fault-tolerant hot backup synchronizing method, it is characterized in that it may further comprise the steps:
At first, select irrelevant heat to be equipped with synchronizing signal generation equipment, this equipment should meet the following conditions:
(1) active and standby two synchronizing signal generation equipment physically separate, and especially power supply, ground connection also will be isolated;
(2) the synchronizing signal synchronization of time intenals unanimity sent of active and standby synchronizing signal generation equipment, error precision is identical;
(3) the phase range maximum between the synchronizing signal sent of active and standby synchronizing signal generation equipment can be determined;
Secondly, adopt unidirectional sync channel signal, and make synchronizing signal generation equipment and be to unidirectional from generation equipment by synchronizer by the signalling channel between the synchronizer, the output port that promptly has only this passage on synchronizing signal generation equipment is had only the input port of this passage by synchronizer; And active and standby sync channel signal physically separates;
At last, make by synchronizer and carry out error detection and switching, make by synchronizer and obtain the local clock support, the local clock precision need be higher than the synchronizing signal error precision, should carry out according to the following steps:
(1) master sync signal counting step: local clock began counting when master sync signal arrived; Master sync signal restarts counting after writing down local clock count value and zero clearing when arriving once more;
(2) be equipped with the synchronizing signal counting step: local clock begins counting when being equipped with the synchronizing signal arrival; Restart counting after writing down local clock count value and zero clearing when synchronizing signal arrives once more fully;
(3) analysis and switch step: set timing error tolerance threshold value, in each synchronizing cycle the clock count value of active and standby two signals is analyzed: excessive or too small and surpass the fault tolerant threshold value when the master sync signal count value, it is normal to be equipped with the synchronizing signal count value simultaneously, analysis result is master sync signal generation equipment or signalling channel fault, equipment switches to fully that synchronizing signal works on, alarm prompt maintenance master sync signal generation equipment and signalling channel; Excessive or too small and surpass the fault tolerant threshold value when being equipped with the synchronizing signal count value, the master sync signal count value is normal simultaneously, analysis result is to be equipped with synchronizing signal generation equipment or signalling channel fault, equipment works on but operating state is single synchronizing signal state (can not switch to by synchronizing signal when promptly the master sync signal fault taking place again and need enter abnormality processing), and the alarm prompt maintenance is equipped with synchronizing signal generation equipment and signalling channel; All excessive or too small and surpass the fault tolerant threshold value when active and standby synchronizing signal count value, analysis result is this all lost efficacy by synchronizer local clock fault or active and standby synchronizing signal (it is small probability event that active and standby synchronizing signal lost efficacy simultaneously), this is entered abnormality processing by synchronizer, and the alarm maintenance.
Beneficial effect of the present invention:
1. the hot synchronizing signal generation equipment that is equipped with has strengthened the reliability of system;
2. the synchronizing signal generation equipment that can change has separately improved the maintainability of system;
3. unidirectional synchronizing channel prevents to be caused synchronizing signal generation Device Errors by the fault of synchronizer, and then causes total system to lose efficacy.Therefore improved the immunocompetence of synchronizing signal generation equipment;
4. the availability that can singly fault-tolerant mechanism have been improved system by synchronizer.
Embodiment
The present invention is further illustrated below in conjunction with embodiment.
A kind ofly support fault-tolerant hot backup synchronizing method, it comprises selects irrelevant heat to be equipped with synchronizing signal generation equipment, adopts unidirectional sync channel signal and makes error detection and the handoff functionality that is had by synchronizer.
Irrelevant heat is equipped with synchronizing signal generation equipment and comprises following content:
(1) active and standby two synchronizing signal generation equipment physically separate, and suggestion power supply, ground connection also will be isolated;
(2) the synchronizing signal synchronization of time intenals unanimity sent of active and standby synchronizing signal generation equipment, error precision is identical;
(3) the phase range maximum between the synchronizing signal sent of active and standby synchronizing signal generation equipment can be determined;
Unidirectional sync channel signal is meant synchronizing signal generation equipment and is to unidirectional by synchronizer from generation equipment by the signalling channel between the synchronizer, the output port that promptly has only this passage on synchronizing signal generation equipment is had only the input port of this passage by synchronizer.And active and standby sync channel signal physically separates.
Need be by the error detection of synchronizer and handoff functionality by the local clock support of synchronizer, the local clock precision need be higher than the synchronizing signal error precision.Error detection and handoff functionality are realized by following step:
1) master sync signal counting step: local clock began counting when master sync signal arrived; Master sync signal restarts counting after writing down local clock count value and zero clearing when arriving once more.
2) be equipped with the synchronizing signal counting step: local clock begins counting when being equipped with the synchronizing signal arrival; Restart counting after writing down local clock count value and zero clearing when synchronizing signal arrives once more fully.
3) analysis and switch step: set timing error tolerance threshold value, in each synchronizing cycle the clock count value of active and standby two signals is analyzed: excessive or too small and surpass the fault tolerant threshold value when the master sync signal count value, it is normal to be equipped with the synchronizing signal count value simultaneously, analysis result is master sync signal generation equipment or signalling channel fault, equipment switches to fully that synchronizing signal works on, alarm prompt maintenance master sync signal generation equipment and signalling channel; Excessive or too small and surpass the fault tolerant threshold value when being equipped with the synchronizing signal count value, the master sync signal count value is normal simultaneously, analysis result is to be equipped with synchronizing signal generation equipment or signalling channel fault, equipment works on but operating state is single synchronizing signal state (can not switch to by synchronizing signal when promptly the master sync signal fault taking place again and need enter abnormality processing), and the alarm prompt maintenance is equipped with synchronizing signal generation equipment and signalling channel; All excessive or too small and surpass the fault tolerant threshold value when active and standby synchronizing signal count value, analysis result is this all lost efficacy by synchronizer local clock fault or active and standby synchronizing signal (it is small probability event that active and standby synchronizing signal lost efficacy simultaneously), this is entered abnormality processing by synchronizer, and the alarm maintenance.
It below is a concrete example.
At first according to the synchronizing signal generation equipment of summary of the invention tectonic system, signalling channel with by synchronizer.Definition master sync signal generation equipment is SD1, being equipped with synchronizing signal generation equipment is SD2, the master sync signal passage is Ch1, being equipped with sync channel signal is Ch2, suppose that system has two by synchronizer DA and DB, DA equipment is CntA1 to the local count value of master sync signal, DA equipment is CntA2 to the local count value that is equipped with synchronizing signal, DB equipment is CntB1 to the local count value of master sync signal, DB equipment is CntB2 to the local count value of master sync signal, standard synchronometer numerical value is Cnt, and predefine tolerance threshold value is dCnt.
System synchronization is just often: SD1, SD2 operate as normal; On DA equipment | CntA1-Cnt|<dCnt, | CntA2-Cnt|<dCnt; ) on the B equipment | CntB1-Cnt|<dCnt, | CntB2-Cnt|<dCnt.
When SD1 or Ch1 break down: on DA equipment | CntA1-Cnt|>dCnt, | CntA2-Cnt|<dCnt; On DB equipment | CntB1-Cnt|>dCnt, | CntB2-Cnt|<dCnt.Analysis result is: master sync signal lost efficacy.DA and DB switch to all fully that synchronizing signal works on, and alarm maintenance SD1 and Ch1.
When SD2 or Ch2 break down: on DA equipment | CntA1-Cnt|<dCnt, | CntA2-Cnt|>dCnt; On DB equipment | CntB1-Cnt|<dCnt, | CntB2-Cnt|>dCnt.Analysis result is: be equipped with synchronizing signal and lost efficacy.DA and DB all work on, and alarm maintenance SD2 and Ch2.
When DA equipment local clock breaks down: on DA equipment | CntA1-Cnt|>dCnt, | CntA2-Cnt|>dCnt; On DB equipment | CntB1-Cnt|<dCnt, | CntB2-Cnt|<dCnt.Analysis result is: the local clock fault.DA equipment enters abnormality processing and alarm maintenance, and DB equipment continues operate as normal.In like manner analyze the situation when DB equipment local clock breaks down.
It is small probability event that SD1 or Ch1 and SD2 or Ch2 break down simultaneously, during generation: on DA equipment | CntA1-Cnt|>dCnt, | CntA2-Cnt|>dCnt; On DB equipment | CntB1-Cnt|>dCnt, | CntB2-Cnt|>dCnt.Analysis result is that active and standby synchronizing signal all lost efficacy.System enters abnormality processing and system-level maintenance is carried out in alarm.
The part that the present invention does not relate to prior art that maybe can adopt all same as the prior art is realized.
Claims (1)
1. support fault-tolerant hot backup synchronizing method for one kind, it is characterized in that it may further comprise the steps:
At first, select irrelevant heat to be equipped with synchronizing signal generation equipment, this equipment should meet the following conditions:
(1) active and standby two synchronizing signal generation equipment physically separate;
(2) the synchronizing signal synchronization of time intenals unanimity sent of active and standby synchronizing signal generation equipment, error precision is identical;
(3) the phase range maximum between the synchronizing signal sent of active and standby synchronizing signal generation equipment can be determined;
Secondly, adopt unidirectional sync channel signal, and make synchronizing signal generation equipment and be to unidirectional from generation equipment by synchronizer by the signalling channel between the synchronizer, the output port that promptly has only this passage on synchronizing signal generation equipment is had only the input port of this passage by synchronizer; And active and standby sync channel signal physically separates;
At last, make by synchronizer and carry out error detection and switching, make by synchronizer and obtain the local clock support, the local clock precision need be higher than the synchronizing signal error precision, should carry out according to the following steps:
(1) master sync signal counting step: local clock began counting when master sync signal arrived; Master sync signal restarts counting after writing down local clock count value and zero clearing when arriving once more;
(2) be equipped with the synchronizing signal counting step: local clock begins counting when being equipped with the synchronizing signal arrival; Restart counting after writing down local clock count value and zero clearing when synchronizing signal arrives once more fully;
(3) analysis and switch step: set timing error tolerance threshold value, in each synchronizing cycle the clock count value of active and standby two signals is analyzed: excessive or too small and surpass the fault tolerant threshold value when the master sync signal count value, it is normal to be equipped with the synchronizing signal count value simultaneously, analysis result is master sync signal generation equipment or signalling channel fault, equipment switches to fully that synchronizing signal works on, alarm prompt maintenance master sync signal generation equipment and signalling channel; Excessive or too small and surpass the fault tolerant threshold value when being equipped with the synchronizing signal count value, the master sync signal count value is normal simultaneously, analysis result is to be equipped with synchronizing signal generation equipment or signalling channel fault, equipment works on but operating state is single synchronizing signal state, and the alarm prompt maintenance is equipped with synchronizing signal generation equipment and signalling channel; All excessive or too small and surpass the fault tolerant threshold value when active and standby synchronizing signal count value, analysis result is that this was all lost efficacy by synchronizer local clock fault or active and standby synchronizing signal, and this is entered abnormality processing by synchronizer, and the alarm maintenance.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101356829A CN101815009B (en) | 2010-03-30 | 2010-03-30 | Hot backup synchronizing method supporting fault tolerance |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101356829A CN101815009B (en) | 2010-03-30 | 2010-03-30 | Hot backup synchronizing method supporting fault tolerance |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101815009A CN101815009A (en) | 2010-08-25 |
| CN101815009B true CN101815009B (en) | 2011-09-28 |
Family
ID=42622132
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101356829A Active CN101815009B (en) | 2010-03-30 | 2010-03-30 | Hot backup synchronizing method supporting fault tolerance |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101815009B (en) |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE19836347C2 (en) * | 1998-08-11 | 2001-11-15 | Ericsson Telefon Ab L M | Fault-tolerant computer system |
| US6694450B1 (en) * | 2000-05-20 | 2004-02-17 | Equipe Communications Corporation | Distributed process redundancy |
-
2010
- 2010-03-30 CN CN2010101356829A patent/CN101815009B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101815009A (en) | 2010-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105739299B (en) | Control device based on two-by-two-out-of-two safety redundancy system | |
| CN102269970B (en) | Security control system | |
| CN102053883B (en) | Control cycle synchronizer of triple-modular redundancy fault-tolerant computer | |
| CN103684734B (en) | A kind of hot-standby redundancy computer time synchronization system and method | |
| CN107634855A (en) | A kind of double hot standby method of embedded system | |
| CN104238435A (en) | Triple-redundancy control computer and fault-tolerant control system | |
| JP6167170B2 (en) | Method and switching unit for synchronous and reliable switching | |
| CN106648997A (en) | Master-salve switching method based on non-real-time operating system | |
| CN101441585A (en) | Accurate synchronizing method of three-module redundant fault tolerant computer | |
| CN104168639B (en) | A kind of method that base station clock synchronizes in communication network | |
| CN108551397A (en) | The communication control method of network bridge device and application and more PLC master stations and more PLC slave stations | |
| CN102830647A (en) | Double 2-vote-2 device for fail safety | |
| CN108282243A (en) | A kind of clock source guaranteed reliability's mechanism suitable for master-slave mode method for synchronizing time | |
| CN101629983B (en) | Judging method of double-bus bus-coupled running mode | |
| CN104486017B (en) | Satellite time service multi-node synchronization monitoring method based on IP light transmission | |
| CN105739469A (en) | Data center machine room freeze water secondary pump redundancy control system and method | |
| CN101815009B (en) | Hot backup synchronizing method supporting fault tolerance | |
| JP5620876B2 (en) | Network synchronizer shelf, network synchronizer | |
| CN111045863A (en) | Fault tolerance architecture and method for sensor data distribution network | |
| CN102385334A (en) | Distributed switching system of redundant timing system and switching method thereof | |
| CN101335541B (en) | Method implementing data synchronization between main and spare circuit board | |
| CN100563171C (en) | A kind of method and system that improve BITS equipment output reliability | |
| CN105406995A (en) | Wide-area protection system PTN synchronization network TC mode channel fault self-recovery method and device | |
| CN102928688A (en) | Method for synchronously testing automatic isolation of feeder fault from multiple points | |
| JP6063339B2 (en) | Train control system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |