CN203759492U - Three-plus-one redundancy control communication bus structure for triplex redundancy control system - Google Patents
Three-plus-one redundancy control communication bus structure for triplex redundancy control system Download PDFInfo
- Publication number
- CN203759492U CN203759492U CN201320624039.1U CN201320624039U CN203759492U CN 203759492 U CN203759492 U CN 203759492U CN 201320624039 U CN201320624039 U CN 201320624039U CN 203759492 U CN203759492 U CN 203759492U
- Authority
- CN
- China
- Prior art keywords
- fault
- card
- communication
- tolerant
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000004891 communication Methods 0.000 title claims abstract description 78
- 230000005540 biological transmission Effects 0.000 claims description 9
- 230000015556 catabolic process Effects 0.000 abstract description 2
- 239000011159 matrix material Substances 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 9
- 238000000034 method Methods 0.000 description 6
- 238000013461 design Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000010998 test method Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 239000008358 core component Substances 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000009885 systemic effect Effects 0.000 description 1
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The utility model relates to a three-plus-one redundancy control communication bus structure for a triplex redundancy control system. The three-plus-one redundancy control communication bus structure is characterized by including step 1, a four-way communication interface of each of a control processor, an analog quantity input card, an analog quantity output card, an on-off quantity input card and an on-off quantity output card is extended outward; step 2, the four-way communication interfaces of the control processor, the analog quantity input card, the analog quantity output card, the on-off quantity input card and the on-off quantity output card that belong to a same triplex redundancy controller group are connected with a four-way control communication bus through a matrix mode. One control communication bus of the four-way control communication bus is a standby bus. The three-plus-one redundancy control communication bus structure is advantageous in that the whole control system is not lowered in safety level when a fault point exists in the control communication bus; to prevent system breakdown, at most three fault points are allowed by the control communication bus of the whole system.
Description
Technical field
The utility model relates to a kind of three-plus-one fault-tolerant communication control bus method of three fault-tolerant control system, and the three fault-tolerant control system that require for high security provide the design of the data communication bus of high reliability, belong to instrument for automatic control technical field.
Background technology
Up to the present, along with 5C technology---COMPUTER (computer technology), CONTROL (automatic control technology), COMMUNICATION (communication technology), CRT (display technique) and CHANGE (switch technology) development and perfect, traditional Distributed Control System (DCS) (being designated hereinafter simply as DCS) or programmable control system (being designated hereinafter simply as PLC) are more and more ripe, but their technology major part is the two redundancies based on not being superelevation security requirement, and communication control bus also adopts two redundancies.
For the higher industry of security requirement, for example Aero-Space, nuclear power, the emergency stopping system of petrochemical industry and the safety system of power plant require control system to adopt triple redundance or three fault-tolerant Control System Designs, three identical controllers (being designated hereinafter simply as DPU) or employing one use two are for mode, or employing concurrent working, output is got two voting machines by three and is judged rear output, the communication control bus now adopting is three fault-tolerant control buss, therefore communication control bus becomes one of gordian technique of three fault-tolerant control system securities reliably.
Because communication control bus can articulate considerable by communication apparatus (IO fastener) in practical application, it also likely designs from cabinet simultaneously, the even rugged surroundings in many interference sources (as being arranged together with electrical source of power), although most of communication control bus is to reduce the probability disturbing and take several steps on communication data packets is checked in when design, but still cannot avoid the failure of this frame communication, therefore cause the probability of residual data mistake to increase substantially.And along with the development of chip semiconductor technology, reliability and the security of the core component central processor CPU of DPU are more and more higher, the error rate of its generation has been less than the error rate of above-mentioned communication control bus, causes the decline of the safety grades of whole system.
Summary of the invention
The technical problems to be solved in the utility model is the security that improves three fault-tolerant control system.
In order to solve the problems of the technologies described above, the technical solution of the utility model has been to provide a kind of three-plus-one fault-tolerant communication control bus structure of three fault-tolerant control system, comprise at least one group of three fault-tolerant controller groups, every group of three fault-tolerant controller groups comprise three control processors with four road communication receiving/transmission devices, all control processors all connect and have the independently analog signal input card of Communication processor and communication receiving/transmission device of four tunnels, analog output unit, switching value input card and on-off output card, it is characterized in that, control processor, analog signal input card, analog output unit, switching value input card and on-off output card are all to external expansion four road communication interfaces, belong to the control processor of same three fault-tolerant controller groups, analog signal input card, analog output unit, switching value input card and communication interface Yu Si road, on-off output card Si road communication control bus connect by matrix-style, communication control bus Zhong You mono-road communication control bus in Si road is bus for subsequent use.
Preferably, all described analog signal input card, analog output unit, switching value input card and the on-off output card in described three fault-tolerant control system all has identical communication control bus interface modes.
The utility model has the advantages that: in the time that communication control bus has a trouble spot, do not reduce the safe class of whole control system, and systemic breakdown is not caused in three trouble spots of the highest permission generation of whole system communication control bus.
Brief description of the drawings
Fig. 1 is three-plus-one fault-tolerant communication control bus schematic diagram;
Fig. 2 has three fault-tolerant control system model machine schematic diagram of three-plus-one fault-tolerant communication control bus.
Embodiment
For the utility model is become apparent, hereby with preferred embodiment, and coordinate accompanying drawing to be described in detail below.
The utility model is the wherein technology based on three fault-tolerant control system, under every group controller of three fault-tolerant control system, can articulate 96 various types of fasteners, whole system can have 64 group controllers, below taking three fault-tolerant control system DEMO demo systems (model machine) as shown in Figure 2 as example, this model machine has two cover operator/engineer stations, one group of switch, two group of three fault-tolerant controller group, every group of three fault-tolerant controller groups comprise three control processors, under every control processor, hang three layers of trough, every trough has switching value input card, on-off output card, each two of analog signal input card and analog output unit.Every control processor has four road communication receiving/transmission devices; Every analog signal input card all has independently Communication processor and communication receiving/transmission device of four tunnels; Every analog output unit all has independently Communication processor and communication receiving/transmission device of four tunnels; Every switching value input card all has independently Communication processor and communication receiving/transmission device of four tunnels; Every on-off output card all has independently Communication processor and communication receiving/transmission device of four tunnels.
As shown in Figure 1, the three-plus-one fault-tolerant communication control bus method of a kind of three fault-tolerant control system that the utility model provides, the steps include:
Step 1, control processor, analog signal input card, analog output unit, switching value input card and on-off output card are all to external expansion four road communication interfaces;
Step 2, the control processor, analog signal input card, analog output unit, switching value input card and communication interface Yu Si road, the on-off output card Si road communication control bus that belong to same three fault-tolerant controller groups are connected by matrix-style, communication control bus Zhong You mono-road communication control bus in Si road is bus for subsequent use.
All analog signal input cards, analog output unit, switching value input card and on-off output card in three fault-tolerant control system all have identical communication control bus interface modes.
Ultimate principle of the present utility model is that the each control processor in every group of control processor is responsible for a road communication control bus, i.e. control processor DPU_A control bus A, control processor DPU_B control bus B, control processor DPU_C control bus C.In the time of any bus failure, bus D for subsequent use substitutes fault bus, to ensure still there is three-bus failure-free operation.
Communication control bus is divided into 14 kinds of situations of following table according to failure condition:
In the time of the equal non-fault of all communication control buses, three fault-tolerant control system operate on ABC three-bus, are combined to reach three and get two high safety grade with controller;
When a trouble spot appears in communication control bus, determine whether fault bus is switched in bus for subsequent use according to upper table fault bus situation, to ensure still having three-bus normally to move, be combined with controller and still reach three and get two the highest safety priority;
When two trouble spots appear in communication control bus, determine whether fault bus is switched in bus for subsequent use according to upper table fault bus situation, now system only has two buses normally to move, and causes a corresponding controller off-the-line, and three fault-tolerant control system are downgraded to two and get two safe class;
When three trouble spots appear in communication control bus, determine whether fault bus is switched in bus for subsequent use according to upper table fault bus situation, now system only has a bus normally to move, and causes two corresponding controller off-the-lines, and three fault-tolerant control system are downgraded to one and get one safe class.
Utilize three fault-tolerant control system to build one taking the test procedure of second as the horse race lamp of step order, make the LED lamp on on-off output card can intuitively reflect system responses state, observe communication control bus pilot lamp on board simultaneously and come the communication state of intuitive judgment communication control.
Test respectively by short circuit, open circuit and import by force three kinds of methods of high-frequency interferencing signal, every kind of method is carried out 14 times, covert excision communication control bus A, B, C, D, AB, AC, AD, BC, BD, CD, ABC, ABD, ACD and BCD, evidence is in above all tests, the variation of the LED state lamp that horse race lamp test procedure reflects is not affected, and the communication control bus pilot lamp on board shows the malfunction of communication control bus according to different situations.
Claims (2)
1. the three-plus-one fault-tolerant communication control bus structure of a fault-tolerant control system, comprise at least one group of three fault-tolerant controller groups, every group of three fault-tolerant controller groups comprise three control processors with four road communication receiving/transmission devices, all control processors all connect and have the independently analog signal input card of Communication processor and communication receiving/transmission device of four tunnels, analog output unit, switching value input card and on-off output card, it is characterized in that, control processor, analog signal input card, analog output unit, switching value input card and on-off output card are all to external expansion four road communication interfaces, belong to the control processor of same three fault-tolerant controller groups, analog signal input card, analog output unit, switching value input card and communication interface Yu Si road, on-off output card Si road communication control bus connect by matrix-style, communication control bus Zhong You mono-road communication control bus in Si road is bus for subsequent use.
2. the three-plus-one fault-tolerant communication control bus structure of a kind of three fault-tolerant control system as claimed in claim 1, is characterized in that: all described analog signal input card, analog output unit, switching value input card and on-off output card in described three fault-tolerant control system all have identical communication control bus interface modes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201320624039.1U CN203759492U (en) | 2013-10-10 | 2013-10-10 | Three-plus-one redundancy control communication bus structure for triplex redundancy control system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201320624039.1U CN203759492U (en) | 2013-10-10 | 2013-10-10 | Three-plus-one redundancy control communication bus structure for triplex redundancy control system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN203759492U true CN203759492U (en) | 2014-08-06 |
Family
ID=51254746
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201320624039.1U Expired - Lifetime CN203759492U (en) | 2013-10-10 | 2013-10-10 | Three-plus-one redundancy control communication bus structure for triplex redundancy control system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN203759492U (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3316262A4 (en) * | 2015-06-25 | 2019-04-17 | Federal State Unitary Enterprise "All - Russian Research Institute Of Automatics" | Safety control system for a nuclear power plant |
| CN114326368A (en) * | 2021-12-16 | 2022-04-12 | 三一汽车制造有限公司 | Pump truck control method and system and pump truck |
-
2013
- 2013-10-10 CN CN201320624039.1U patent/CN203759492U/en not_active Expired - Lifetime
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3316262A4 (en) * | 2015-06-25 | 2019-04-17 | Federal State Unitary Enterprise "All - Russian Research Institute Of Automatics" | Safety control system for a nuclear power plant |
| CN114326368A (en) * | 2021-12-16 | 2022-04-12 | 三一汽车制造有限公司 | Pump truck control method and system and pump truck |
| CN114326368B (en) * | 2021-12-16 | 2024-04-12 | 三一汽车制造有限公司 | Pump truck control method and system and pump truck |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110351174B (en) | Module redundancy safety computer platform | |
| CN103149907B (en) | Hot-redundancy CAN (Controller Area Network)-bus high-fault-tolerance control terminal and method based on dual DSPs (Digital Signal Processors) | |
| CN201909961U (en) | Redundancy control system | |
| CN102096401B (en) | Redundant and fault-tolerant safety instrument control system based on fieldbus and ARM (advanced RISC machines) | |
| CN110376876B (en) | Double-system synchronous safety computer platform | |
| JP4886601B2 (en) | Apparatus and method for operating USB interface equipment | |
| US10725881B2 (en) | Method for locating and isolating failed node of electromechnical management bus in communication device | |
| CN107957692B (en) | Controller redundancy method, device and system | |
| CN103647781A (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
| CN107967194B (en) | Safety computer system based on redundant Ethernet | |
| CN105095001A (en) | Virtual machine exception recovery method under distributed environment | |
| CN108255123B (en) | Train LCU control equipment based on two software and hardware voting | |
| RU2011114637A (en) | MICROPROCESSOR SYSTEM FOR CENTRALIZATION OF ARROWS AND SIGNALS | |
| CN103092186B (en) | Voting structure of two out of three secure output and voting method thereof | |
| CN203759492U (en) | Three-plus-one redundancy control communication bus structure for triplex redundancy control system | |
| KR20140141938A (en) | Redundancy method of communication module in Programmable Logic Controller system | |
| CN105938356A (en) | Hardware redundancy and operation pace synchronization system of control module in DCS | |
| CN102156669B (en) | Arbitration system of vehicle-mounted train control equipment | |
| CN103543715A (en) | Three-plus-one redundancy control communication bus method for triplex redundancy control system | |
| US6832331B1 (en) | Fault tolerant mastership system and method | |
| CN101916212B (en) | System and method for fault-to-safety of COTS (Commercial Off-The-Shelf) computer | |
| CN104007657A (en) | Device and method for butt-jointing triple redundancy system and dual redundancy system | |
| CN108762237B (en) | Spare part detection system of distributed control system | |
| CN202744217U (en) | Programmable logic controller (PLC) redundant system for nuclear power station circular crane control system | |
| KR101345512B1 (en) | Digital Protective Relay with Duplex Function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20140806 |