WO2021035867A1 - Redundancy control method for main and standby controllers - Google Patents

Redundancy control method for main and standby controllers Download PDF

Info

Publication number
WO2021035867A1
WO2021035867A1 PCT/CN2019/108638 CN2019108638W WO2021035867A1 WO 2021035867 A1 WO2021035867 A1 WO 2021035867A1 CN 2019108638 W CN2019108638 W CN 2019108638W WO 2021035867 A1 WO2021035867 A1 WO 2021035867A1
Authority
WO
WIPO (PCT)
Prior art keywords
standby
controller
data
main
main controller
Prior art date
Application number
PCT/CN2019/108638
Other languages
French (fr)
Chinese (zh)
Inventor
滕占伟
刘刚林
Original Assignee
北京东土科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京东土科技股份有限公司 filed Critical 北京东土科技股份有限公司
Publication of WO2021035867A1 publication Critical patent/WO2021035867A1/en

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors

Definitions

  • the invention relates to the technical field of industrial automatic control, and in particular to a redundant control method for a main and standby controller.
  • the industrial control field puts forward higher requirements for the reliability of the control system, so there is a dual-computer redundancy technology, a pair of redundant controllers, when the main controller fails, the standby control The controller can replace its work at the first time to ensure the sustainable operation of the control system.
  • the input variable data sources of the main and standby controllers are all from the external input variable data of the external bus.
  • the main and standby controllers perform logical operations, consistency judgments, and switching logic judgments on these data respectively. Since the input variable data comes from external data, when the main and standby controllers have synchronization errors in their respective operation cycles, resulting in a time difference in the external data read, the main and standby controllers may read different data separately, which will cause the calculation results to be incorrect.
  • the inconsistency causes transmission failure of the control system and affects reliability. Therefore, it is necessary to add a synchronization mechanism to maintain the operation of both the active and standby controllers to reduce the disturbance caused by the switching of the active and standby controllers and ensure the uninterrupted and stable operation of the control system.
  • the main purpose of the present invention is to provide a redundant control method for the main and standby controllers, which ensures that the main and standby controllers can read the same input variable data by making the standby controller obtain input variable data from the main controller. , Output the same calculation result under normal operation, so as to ensure the consistency of the data in the main and standby controllers, and avoid the technical problems mentioned in the background art.
  • the technical solution adopted by the present invention is a redundant control method for the active and standby controllers.
  • the method includes the following steps:
  • the main controller obtains external input variable data;
  • the standby controller obtains the input variable data from the main controller;
  • the main controller and the backup controller respectively perform logic operations on the input variable data
  • the present invention obtains the input variable data from the outside through the main controller, and synchronizes the input variable data to the standby controller, so that both the main and standby controllers perform synchronous logic operations on the input variable data and judge the results of the logic operations. , When the judgment is consistent, the data is output, thereby ensuring the consistency of the main and standby controllers, preventing the main and standby controllers from reading different data respectively, resulting in inconsistent calculation results, causing transmission failures of the control system, and affecting the reliability of the system.
  • step A further includes: when the standby controller fails to obtain the input variable data from the main controller, the standby controller obtains the external input variable data, and initiates the switch arbitration logic step.
  • the active and standby switching arbitration of the active and standby controllers can be realized.
  • the active and standby controllers communicate their own status information to each other through the state communication channel for the other party to diagnose their own activity. When it is diagnosed as abnormal When the time, the status information is changed and sent to the other party as soon as possible.
  • the two parties make active/standby switch arbitration based on the latest state information and weights, and adjust their respective active/standby states, thereby reducing the disturbance caused by the switching of the active and standby controllers, and save Eliminate system downtime to ensure uninterrupted and stable operation of the control system.
  • the failure includes: the standby controller does not receive the input variable data sent by the main controller within a specific time.
  • the main controller when the main controller receives new input variable data, it will synchronize to the standby controller.
  • the standby controller does not receive it within a certain period of time, it is determined that the synchronization process is abnormal.
  • the arbitration logic can be started, and the arbitration of the main and standby switching can be performed.
  • step B includes:
  • the main controller sends a start signal to the standby controller, and the main controller performs logic operations on the input variable data;
  • the standby controller After receiving the start signal, the standby controller executes logic operations on the input variable data.
  • the start signal is used as the trigger signal for the backup controller to perform logic operations.
  • the main controller executes the logic operations in this cycle, it needs to send the start signal to the backup controller to make the backup controller perform logical operations synchronously to ensure that the main and backup controllers perform logical operations.
  • the logic operation of the controller is performed synchronously.
  • step of determining the consistency of the result of the logical operation in step C includes:
  • the main controller sends the data related to the logic operation result to the backup controller, and the backup controller makes the consistency judgment of the data related to the logic operation result and its own logic operation result related data.
  • the data related to the result of the logical operation includes a data check value calculated according to the result of the logical operation.
  • the main controller sends the data check value of the logical operation to the standby controller, judges the consistency with the logical operation result of the standby controller, and feeds back the comparison result to the main controller .
  • step of outputting the result in step C includes:
  • the main controller After the backup controller feeds back the consistency information to the main controller, the main controller outputs the result.
  • the main controller determines that the logical operation results of the main and standby controllers are consistent, the main controller outputs the calculation results as output data.
  • step C when the results in step C are inconsistent, it also includes:
  • the main controller Before executing step B of the next cycle, the main controller also synchronizes the dynamic data including the calculation process value to the standby controller, and the calculation process value is used for the logic operation.
  • the main controller defaults that its calculation result is the correct result and outputs it. At the same time, it can also output an alarm message to determine that the logical operation of the standby controller is wrong, and the following
  • the calculation process variable including global variable data and process variable data will also be synchronized to the standby controller.
  • the main controller Before performing step A, the main controller performs the steps of static data synchronization and dynamic data synchronization with the standby controller;
  • the static data includes logical engineering files and configuration files
  • the dynamic data includes external input variable data and calculation process quantity.
  • a further improvement also includes that the active and standby controllers periodically transmit their own status information, and start the switching arbitration logic step when the status information is abnormal.
  • the active and standby controllers when both the active and standby controllers are operating normally, the active and standby controllers periodically transmit their own status information through the status communication channel. This information is similar to a heartbeat signal for the peer computer to determine its own activity. When it is abnormal, the status information will be changed and sent to the opposite terminal as soon as possible. The two parties will make active/standby switch arbitration based on the latest status information and weight, and adjust their respective active/standby status.
  • the arbitration logic is based on at least one of the following to perform active/standby switch arbitration:
  • the above-mentioned different states can set different weights and/or priorities for the arbitration judgment of the master/slave switchover.
  • the status information weight is mainly used to provide a mechanism to ensure that the system can make the switch arbitration of the active and standby when the active and standby controllers that are redundant with each other are faulty.
  • the weight sequence can be adjusted according to the specific system and application.
  • Fig. 1 is a flow chart of the redundant control method of the main and standby controllers of the present invention
  • FIG. 2 is a schematic diagram of the data synchronization process of the active and standby controllers during the power-on and startup stage of the present invention
  • Figure 3 is a schematic diagram of the data synchronization process of the main and standby controllers in the download stage of the project of the present invention
  • FIG. 4 is a schematic diagram of the data synchronization process of the active and standby controllers in the normal cycle of the present invention
  • FIG. 5 is a schematic diagram of the arbitration process of the master/backup switch of the present invention.
  • FIG. 6 is a schematic diagram of an embodiment of the data synchronization process of the active and standby controllers in the normal cycle of the present invention
  • FIG. 7 is a schematic diagram of an embodiment of the data synchronization process of the active and standby controllers in the download stage of the project of the present invention.
  • the redundant control method of the main and standby controllers provided by the present invention is applied to a pair of redundant controllers, one of which is the main controller (local machine), which performs the collection of external data (ie, external data) and The control command (which is the result of the calculation, which belongs to a kind of output data) is sent, and the other is the standby controller (the opposite machine), which receives the data synchronized by the main controller.
  • the main controller local machine
  • the control command which is the result of the calculation, which belongs to a kind of output data
  • the standby controller the opposite machine
  • the flow chart of the redundancy control method of the active and standby controllers as shown in Fig. 1, when applied to the above-mentioned active and standby controllers for redundant control, includes the following steps:
  • This step is the step at the beginning of the power-on startup phase or the project download phase, is the step before the redundancy control enters the normal cycle, and is the preparation phase before the normal synchronization logic operation of the main and standby controllers.
  • the static data on the memory includes a logic project file and a configuration file, and then when a static data synchronization request from the standby controller is received, the static data is synchronized to the standby controller;
  • the main controller After the main controller obtains static data from the outside through the bus or network, it will store the static data in its own memory, and will read the static data in its own memory every time it is normally powered on. If it cannot be read, the static data will be retrieved from the outside;
  • the main controller In addition to static data, the main controller also synchronizes dynamic data to the standby controller.
  • the dynamic data includes input variable data, global variable data, and process variable data.
  • the input variable data is obtained by the main controller from external devices (IO, etc.) through the bus.
  • the global variable data is generally system attribute variables and clock count variables, etc.
  • the process variable data is an intermediate variable in the logic operation process.
  • the main controller will synchronize the acquired dynamic data (input variable data and calculation process data) to the standby controller, so that the preparation work for the main and standby controllers is completed, and the steps can be performed S200 logic operation.
  • the process of downloading the project shown in Figure 3 will be described in further detail later.
  • the calculation process data (global variable data, process variable data) in the above static data and dynamic data needs to be synchronized between the main and standby controllers during the power-on and start-up phase or the project download phase to ensure the main and standby control The consistency of the device data.
  • the standby controller when the standby controller does not receive the static data and dynamic data sent by the main controller within a certain period of time, the standby controller needs to obtain relevant data from the outside by itself, and initiate the switch arbitration logic step.
  • S200 The main controller and the standby controller respectively perform logic operations on the input variable data
  • the master controller obtains it through the bus Input variable data from an external device, and synchronize the input variable data to the standby controller, so that the main and standby controllers perform logical operations on the input variable data respectively.
  • step S300 Perform consistency judgment on the results of the respective logic operations of the main and standby controllers. When the judgment is consistent, the main controller outputs the result data to the outside, and returns to step S200 to enter the next cycle.
  • the present invention enables the standby controller to obtain external input variable data from the main controller, and synchronize the logic operation and the consistency determination of the logic operation result to ensure that the main and standby controllers read the same input variable. Data, so as to ensure the consistency of the main and standby controllers and avoid the technical problems mentioned in the background art.
  • the above mainly describes the data synchronization method between the main and standby controllers of the present invention, and the arbitration logic of the main and standby switching of the present invention is introduced below.
  • the standby controller does not receive the data (static data or dynamic data) synchronized by the main controller within a certain period of time, at this time, the standby controller loads The data (static data and dynamic data) obtained from the bus, and start the switch arbitration logic step; and between the main and standby controllers will periodically transmit their own status information to the other party through the status communication channel, and start when the status information is abnormal Switch the arbitration logic.
  • the status information includes key task running status, logical task running status, communication status with HMI, communication status with IO, communication status with other control stations, communication status with peer machine, etc., and the status information is used as the main The basis for the standby handover arbitration, and the status information can be customized according to the specific system.
  • the weight of the status information is as follows:
  • each status information can also be set with different priorities.
  • the weight of the above status information is mainly used to provide a mechanism to ensure that the system can make the switch arbitration when the active and standby controllers that are redundant with each other are faulty.
  • the above weight sequence is only the recommended sequence of the general system, and can be based on the specific System and application adjustments.
  • the active and standby controllers when the active and standby controllers are in normal operation, the active and standby controllers transmit their own state information through the state communication channel in a cycle and change synchronization manner. This information is similar to a heartbeat signal for the peer computer to determine its own activity. When it is diagnosed that its own status information has changed, the status information is changed and sent to the opposite terminal as soon as possible.
  • the two parties make the master/backup switch arbitration according to the latest status information and weight, and adjust their respective master/backup status;
  • the state communication channel between the standby controllers must be reliable.
  • the state information of the peer machine is not obtained in multiple cycles, it is determined that the peer machine is running abnormally. If the machine is the master controller, the standby controller will alarm if the machine is abnormal. As the standby controller, it sends a message to the peer machine to become the master controller through the status communication channel and the master/backup high-speed data channel, and then becomes the master controller, and the peer machine becomes the backup controller to complete the master/backup switch
  • the active-standby switching arbitration mode in this embodiment supports single-machine mode, dual-master mode, and dual-standby mode, which can be selected according to the specific system.
  • the detection during the main-standby switching arbitration process does not obtain the peer machine
  • the number of times of status information and the time delay from sending the host upgrade message to the host performing the host upgrade action need to be set according to the time endurance of the specific system.
  • FIG. 5 shows a specific embodiment of the master-slave handover arbitration, which includes the following steps:
  • S501-502 The local machine and the peer machine periodically transmit their own state information through the state communication channel.
  • parties diagnoses that its state information has changed it first determines whether the peer machine is offline, and if it goes offline, go to step S503; If it is not offline, execute step S508;
  • S505-507 Determine the role of the local machine. If the machine is the standby controller, switch the standby controller to the main controller to work, and end the arbitration task of the main-standby switchover; if the local machine is the main controller, then Standby controller abnormal alarm prompt, and end the arbitration task of this master/standby switchover;
  • S508-511 For the case that the peer machine is not offline, determine whether there is a heartbeat data packet on the current heartbeat data queue. If there is a heartbeat data packet, read the soft heartbeat data packet on the heartbeat data queue and update the peer machine If there is no heartbeat data packet, check the switching lock status of the peer machine and the local machine, if one of the parties is in the locked state, end the current master-slave switching arbitration task, otherwise go to step S512;
  • S512-513 In the case that both the local machine and the peer machine are not locked, calculate the health value of its own and the health value of the peer machine according to the algorithm, and perform the subsequent steps according to the status of the two machines;
  • S526-530 If the dual-master mode is adopted, first judge the health status of the local machine. If it is worse than the peer machine, switch the machine to the standby controller and end the arbitration task of the master-standby switchover; if it is equal to the peer end If it is a small IP, then no need to switch, and end the arbitration task of the master/backup switch; if it is a large IP, switch to the backup controller and end the current master/backup switch Arbitration task; if it is better than the peer machine, keep the host state unchanged.
  • Fig. 6 shows a specific embodiment of the data synchronization process of the active and standby controllers in the normal cycle period, which includes the following steps:
  • S601-602 At the beginning of a cycle, the main controller reads the input variable data from the external device from the bus and stores it in its buffer;
  • the standby controller waits for the data and starts timing. If it times out, it will read the input variable data from the external device from the bus and store it in its buffer. The device will receive the data sent by the main controller in the subsequent step S605 and reset the timer;
  • the main controller determines the data to be synchronized to the standby controller according to the check result from the standby controller received in the previous cycle. When the check result is consistent, the main controller sets the input variable The data is sent to the standby controller; when it is inconsistent, the main controller sends all dynamic data, namely global variables, process variables, and the input variable data to the standby controller in turn; among them, the global variable data and the process variable data are The current calculation process volume data.
  • S606-607 The main controller sends a start signal to the standby controller, and the main controller performs logic operations on the input variable data;
  • the standby controller After the standby controller receives the start signal sent by the main controller, it also executes logic operation on the input variable data; the above start signal is used as the trigger signal for the standby controller to start the logic operation, so that the logic operation process of the main and standby controller Execute in the same cycle.
  • S610 The standby controller judges the consistency between the received data check value and its own data check value calculated by the logical operation result
  • Figure 7 shows a specific embodiment of the data synchronization process of the active and standby controllers in the project download stage, including the following steps:
  • S706 The main controller downloads a new project file from the external device, and when the download is completed, sends a signal of completion of the download to the standby controller;
  • S711 The standby controller is started, the switching lock state is released, and the dynamic data of the main controller is waited for.

Abstract

A redundancy control method for main and standby controllers. In each normal synchronization cycle, the method comprising the steps: A) a main controller acquiring external input variable data, and a standby controller obtaining input variable data from the main controller; B) the main and standby controllers respectively performing a logic operation on the input variable data; and C) performing consistency determination on a result of the logic operation, and outputting the result as output data when the determination result is consistent. By means of optimizing the design of logic synchronization of the main and standby controllers and the arbitration of switching between the main controller and the standby controller, the consistency of the main and standby controllers is ensured, the disturbance caused by the switching of the main and standby controllers is reduced, system downtime is saved, and the uninterrupted and stable operation of a control system is ensured.

Description

主备控制器的冗余控制方法Redundant control method of main and standby controllers 技术领域Technical field
本发明涉及工业自动控制技术领域,特别涉及一种主备控制器的冗余控制方法。The invention relates to the technical field of industrial automatic control, and in particular to a redundant control method for a main and standby controller.
背景技术Background technique
随着工业自动控制的发展,工控现场对控制系统的可靠性提出了更高的要求,于是出现了双机冗余技术,互为冗余的一对控制器,当主控制器故障时,备控制器可以第一时间代替其工作,以保证控制系统的可持续运行。With the development of industrial automatic control, the industrial control field puts forward higher requirements for the reliability of the control system, so there is a dual-computer redundancy technology, a pair of redundant controllers, when the main controller fails, the standby control The controller can replace its work at the first time to ensure the sustainable operation of the control system.
在冗余控制中,主、备控制器的输入变量数据来源均来自外部总线的外部输入变量数据,主、备控制器分别对这些数据进行逻辑运算、一致性判断,以及切换逻辑的判断等。由于输入变量数据均来自外部数据,当主、备控制器各自运算周期同步出现误差时,导致读取的外部数据产生时差,则可能主、备控制器分别读取到不同的数据,导致计算结果的不一致,造成控制系统发送故障,影响可靠性。因此需要给主备控制器增加有维持两者运行的同步机制,以降低主备控制器切换时造成的扰动,保证控制系统的无间断稳定运行。In redundant control, the input variable data sources of the main and standby controllers are all from the external input variable data of the external bus. The main and standby controllers perform logical operations, consistency judgments, and switching logic judgments on these data respectively. Since the input variable data comes from external data, when the main and standby controllers have synchronization errors in their respective operation cycles, resulting in a time difference in the external data read, the main and standby controllers may read different data separately, which will cause the calculation results to be incorrect. The inconsistency causes transmission failure of the control system and affects reliability. Therefore, it is necessary to add a synchronization mechanism to maintain the operation of both the active and standby controllers to reduce the disturbance caused by the switching of the active and standby controllers and ensure the uninterrupted and stable operation of the control system.
发明内容Summary of the invention
有鉴于此,本发明的主要目的在于提供一种主备控制器的冗余控制方法,通过使备控制器从主控制器获取输入变量数据,保证主备控制器读取到相同的输入变量数据,在正常运行的情况下输出相同的计算结果,从而保证主备控制器内数据的一致性,避免背景技术所提到的技术问题。In view of this, the main purpose of the present invention is to provide a redundant control method for the main and standby controllers, which ensures that the main and standby controllers can read the same input variable data by making the standby controller obtain input variable data from the main controller. , Output the same calculation result under normal operation, so as to ensure the consistency of the data in the main and standby controllers, and avoid the technical problems mentioned in the background art.
本发明采用的技术方案为,一种主备控制器的冗余控制方法,在 每个正常的同步周期,包括步骤:The technical solution adopted by the present invention is a redundant control method for the active and standby controllers. In each normal synchronization period, the method includes the following steps:
A、主控制器获取外部输入变量数据;备控制器从主控制器获得所述输入变量数据;A. The main controller obtains external input variable data; the standby controller obtains the input variable data from the main controller;
B、主、备控制器分别将所述输入变量数据进行逻辑运算;B. The main controller and the backup controller respectively perform logic operations on the input variable data;
C、对逻辑运算的结果进行一致性判断,并在判断为一致时将结果作为输出数据输出。C. Perform consistency judgment on the result of logical operation, and output the result as output data when the judgment is consistent.
由上,本发明通过主控制器从外部获取输入变量数据,并把输入变量数据同步给备控制器,使主备控制器均对输入变量数据进行同步逻辑运算,并对逻辑运算的结果进行判断,判断一致时再输出数据,从而保证了主备控制器的一致性,防止主备控制器分别读取到不同的数据,导致计算结果的不一致,造成控制系统发送故障,影响系统的可靠性。From the above, the present invention obtains the input variable data from the outside through the main controller, and synchronizes the input variable data to the standby controller, so that both the main and standby controllers perform synchronous logic operations on the input variable data and judge the results of the logic operations. , When the judgment is consistent, the data is output, thereby ensuring the consistency of the main and standby controllers, preventing the main and standby controllers from reading different data respectively, resulting in inconsistent calculation results, causing transmission failures of the control system, and affecting the reliability of the system.
进一步改进,步骤A还包括:所述备控制器从主控制器获得所述输入变量数据失败时,备控制器获取外部输入变量数据,并启动切换仲裁逻辑步骤。As a further improvement, step A further includes: when the standby controller fails to obtain the input variable data from the main controller, the standby controller obtains the external input variable data, and initiates the switch arbitration logic step.
由上,通过仲裁逻辑可实现主备控制器的主备切换仲裁,主备控制器相互之间通过状态通信通道向对方传递自身状态信息,以供对方诊断自身的活跃性,当诊断到自身异常时,则变更状态信息并第一时间发送给对方,双方根据最新的状态信息和权重做出主备切换仲裁,并调整各自的主备状态,从而降低主备控制器切换时造成的扰动,省去系统停机时间,保证控制系统的无间断稳定运行。From the above, through the arbitration logic, the active and standby switching arbitration of the active and standby controllers can be realized. The active and standby controllers communicate their own status information to each other through the state communication channel for the other party to diagnose their own activity. When it is diagnosed as abnormal When the time, the status information is changed and sent to the other party as soon as possible. The two parties make active/standby switch arbitration based on the latest state information and weights, and adjust their respective active/standby states, thereby reducing the disturbance caused by the switching of the active and standby controllers, and save Eliminate system downtime to ensure uninterrupted and stable operation of the control system.
其中,所述失败包括:备控制器在特定时间内未收到主控制器发送的所述输入变量数据。Wherein, the failure includes: the standby controller does not receive the input variable data sent by the main controller within a specific time.
由上,正常运行状态下,主控制器在接收到新的输入变量数据时,会同步至备控制器,当备控制器在特定时间内未收到时,则判定同步过程出现异常,此时可启动仲裁逻辑,进行主备切换仲裁。From the above, in normal operation, when the main controller receives new input variable data, it will synchronize to the standby controller. When the standby controller does not receive it within a certain period of time, it is determined that the synchronization process is abnormal. The arbitration logic can be started, and the arbitration of the main and standby switching can be performed.
其中,步骤B包括:Among them, step B includes:
由主控制器向备控制器发送启动信号,且,主控制器将所述输入变量数据进行逻辑运算;The main controller sends a start signal to the standby controller, and the main controller performs logic operations on the input variable data;
备控制器在收到所述启动信号后,将所述输入变量数据执行逻辑运算。After receiving the start signal, the standby controller executes logic operations on the input variable data.
由上,启动信号作为备控制器执行逻辑运算的触发信号,主控制器在执行本周期内的逻辑运算前,需发送启动信号至备控制器,使备控制器同步进行逻辑运算,保证主备控制器逻辑运算的同步进行。From the above, the start signal is used as the trigger signal for the backup controller to perform logic operations. Before the main controller executes the logic operations in this cycle, it needs to send the start signal to the backup controller to make the backup controller perform logical operations synchronously to ensure that the main and backup controllers perform logical operations. The logic operation of the controller is performed synchronously.
其中,步骤C所述对逻辑运算的结果进行一致性判断的步骤包括:Wherein, the step of determining the consistency of the result of the logical operation in step C includes:
主控制器将逻辑运算结果相关数据发送给备控制器,由备控制器将该逻辑运算结果相关数据与自己的逻辑运算结果相关数据进行一致性判断。The main controller sends the data related to the logic operation result to the backup controller, and the backup controller makes the consistency judgment of the data related to the logic operation result and its own logic operation result related data.
其中,所述逻辑运算结果相关数据包括根据包括逻辑运算结果计算的数据校验值。Wherein, the data related to the result of the logical operation includes a data check value calculated according to the result of the logical operation.
由上,同一个周期的逻辑运算结束后,主控制器将逻辑运算的数据校验值发送至备控制器,与备控制器的逻辑运算结果进行一致性判断,并反馈比较结果至主控制器。From the above, after the logical operation of the same cycle is over, the main controller sends the data check value of the logical operation to the standby controller, judges the consistency with the logical operation result of the standby controller, and feeds back the comparison result to the main controller .
其中,步骤C所述将结果输出的步骤包括:Wherein, the step of outputting the result in step C includes:
由备控制器反馈给主控制器一致性信息后,由主控制器将结果输出。After the backup controller feeds back the consistency information to the main controller, the main controller outputs the result.
由上,当备控制器判断主备控制器的逻辑运算结果一致时,主控制器将运算结果作为输出数据进行输出。From the above, when the standby controller determines that the logical operation results of the main and standby controllers are consistent, the main controller outputs the calculation results as output data.
进一步改进,步骤C所述结果不一致时,还包括:Further improvement, when the results in step C are inconsistent, it also includes:
在执行下一周期的步骤B前,主控制器还将包括运算过程量的动态数据同步给备控制器,所述运算过程量用于所述逻辑运算。Before executing step B of the next cycle, the main controller also synchronizes the dynamic data including the calculation process value to the standby controller, and the calculation process value is used for the logic operation.
由上,当备控制器进行一致性判断的结果不一致时,主控制器默认自己的运算结果为正确结果并进行输出,同时还可输出一报警信息,判定备控制器的逻辑运算出错,并在下一个新周期到来时,除了同步新的输入变量数据至备控制器,还会将包括全局变量数据和过程变量数据的运算过程量同步至备控制器。From the above, when the results of the consistency judgment of the standby controller are inconsistent, the main controller defaults that its calculation result is the correct result and outputs it. At the same time, it can also output an alarm message to determine that the logical operation of the standby controller is wrong, and the following When a new cycle arrives, in addition to synchronizing the new input variable data to the standby controller, the calculation process variable including global variable data and process variable data will also be synchronized to the standby controller.
进一步改进,在上电过程中或工程下装过程中还包括:Further improvements, during the power-on process or the project download process also include:
在执行步骤A前,主控制器向备控制器进行静态数据同步、动态数据同步的步骤;Before performing step A, the main controller performs the steps of static data synchronization and dynamic data synchronization with the standby controller;
所述静态数据包括逻辑工程文件、配置文件;The static data includes logical engineering files and configuration files;
所述动态数据包括外部输入变量数据、运算过程量。The dynamic data includes external input variable data and calculation process quantity.
由上,在运行主备控制器的冗余控制之前,需要将预先设定的工程配置文件和逻辑运算工程文件等静态数据同步到主控制器,并由主控制器同步至备控制器,使主备控制器保持一致,然后再进行动态数据的同步,然后即可正常运行主备控制器的冗余控制。From the above, before running the redundant control of the main and standby controllers, it is necessary to synchronize the static data such as the preset project configuration file and logic operation project file to the main controller, and synchronize the main controller to the standby controller, so that The main and standby controllers are kept consistent, and then the dynamic data is synchronized, and then the redundant control of the main and standby controllers can be run normally.
进一步改进,还包括,主备控制器周期性传递自身状态信息,并在状态信息异常时启动切换仲裁逻辑步骤。A further improvement also includes that the active and standby controllers periodically transmit their own status information, and start the switching arbitration logic step when the status information is abnormal.
由上,主备控制器均处于运行正常情况下,主备控制器之间通过状态通信通道周期性传递自身状态信息,此信息类似心跳信号,以供对端机判定自身的活跃性,当诊断到自身异常时,则变更状态信息并第一时间发送给对端机,双方根据最新的状态信息和权重做出主备切换仲裁,并调整各自主备状态。From the above, when both the active and standby controllers are operating normally, the active and standby controllers periodically transmit their own status information through the status communication channel. This information is similar to a heartbeat signal for the peer computer to determine its own activity. When it is abnormal, the status information will be changed and sent to the opposite terminal as soon as possible. The two parties will make active/standby switch arbitration based on the latest status information and weight, and adjust their respective active/standby status.
其中,所述仲裁逻辑依据至少下述之一进行主备切换仲裁:Wherein, the arbitration logic is based on at least one of the following to perform active/standby switch arbitration:
关键任务运行状态、逻辑任务运行状态、与HMI通信状态、与IO通信状态、与其他控制站之间的通信状态、与对端机通信状态;Key task running status, logic task running status, communication status with HMI, communication status with IO, communication status with other control stations, communication status with peer machine;
上述不同的状态可设置不同的用于主备切换仲裁判断的权值和/或优先级。The above-mentioned different states can set different weights and/or priorities for the arbitration judgment of the master/slave switchover.
由上,状态信息权重主要用于互为冗余的主备控制器均有故障时,提供一种机制保证系统能做出主备切换仲裁,权重顺序可以根据具体系统和应用进行调整。From the above, the status information weight is mainly used to provide a mechanism to ensure that the system can make the switch arbitration of the active and standby when the active and standby controllers that are redundant with each other are faulty. The weight sequence can be adjusted according to the specific system and application.
附图说明Description of the drawings
图1为本发明主备控制器的冗余控制方法的流程图;Fig. 1 is a flow chart of the redundant control method of the main and standby controllers of the present invention;
图2为本发明上电启动阶段主备控制器数据同步过程示意图;2 is a schematic diagram of the data synchronization process of the active and standby controllers during the power-on and startup stage of the present invention;
图3为本发明工程下装阶段主备控制器数据同步过程示意图;Figure 3 is a schematic diagram of the data synchronization process of the main and standby controllers in the download stage of the project of the present invention;
图4为本发明正常循环周期主备控制器数据同步过程示意图;4 is a schematic diagram of the data synchronization process of the active and standby controllers in the normal cycle of the present invention;
图5为本发明主备切换仲裁过程示意图;FIG. 5 is a schematic diagram of the arbitration process of the master/backup switch of the present invention;
图6为本发明正常循环周期主备控制器数据同步过程的一个实施例的示意图;6 is a schematic diagram of an embodiment of the data synchronization process of the active and standby controllers in the normal cycle of the present invention;
图7为本发明工程下装阶段主备控制器数据同步过程的一个实施例的示意图。FIG. 7 is a schematic diagram of an embodiment of the data synchronization process of the active and standby controllers in the download stage of the project of the present invention.
具体实施方式detailed description
下面参照图1~图6对本发明所述的主备控制器的冗余控制方法的具体实施方式进行详细说明。Hereinafter, specific implementations of the redundant control method of the active and standby controllers of the present invention will be described in detail with reference to FIGS. 1 to 6.
本发明提供的主备控制器的冗余控制方法,应用于互为冗余的一对控制器,其中一个为主控制器(本机),执行对外部数据的采集(即外部数据数据)和控制命令(为运算结果,属于输出数据的一种)的发送,另一个为备控制器(对端机),接收主控制器同步过来的数据,该主备控制器之间设有高速数据通道以互相进行逻辑数据同步,还设有可靠的状态通信通道以相互进行状态信息的传递,主备控制器与IO的通信总线均通信连接。The redundant control method of the main and standby controllers provided by the present invention is applied to a pair of redundant controllers, one of which is the main controller (local machine), which performs the collection of external data (ie, external data) and The control command (which is the result of the calculation, which belongs to a kind of output data) is sent, and the other is the standby controller (the opposite machine), which receives the data synchronized by the main controller. There is a high-speed data channel between the main and standby controllers. In order to synchronize logical data with each other, a reliable state communication channel is also provided to transfer state information to each other, and the main and standby controllers and the communication bus of the IO are all communicatively connected.
如图1所示的主备控制器的冗余控制方法的流程图,当应用于上述主备控制器进行冗余控制时,包括以下步骤:The flow chart of the redundancy control method of the active and standby controllers as shown in Fig. 1, when applied to the above-mentioned active and standby controllers for redundant control, includes the following steps:
S100:上电启动或工程下装开始时,主控制器获取外部的静态数据和动态数据,备控制器从主控制器获得所述静态数据和动态数据;S100: When the power is started or the project download starts, the main controller obtains external static data and dynamic data, and the standby controller obtains the static data and dynamic data from the main controller;
本步骤为上电启动阶段或工程下装阶段开始时的步骤,为冗余控制进入正常循环周期前的步骤,是主备控制器正常同步逻辑运算前的准备阶段。This step is the step at the beginning of the power-on startup phase or the project download phase, is the step before the redundancy control enters the normal cycle, and is the preparation phase before the normal synchronization logic operation of the main and standby controllers.
参见如图2所示的上电启动阶段主备控制器数据同步过程示意图,主备控制器上电启动中,需保证主备控制器之间静态数据的一致性,主控制器读取自身flash存储器上的静态数据,该静态数据包括逻辑工程文件和配置文件,然后接收到备控制器的静态数据同步请求时,将该静态数据同步至备控制器;Refer to the schematic diagram of the data synchronization process of the active and standby controllers during the power-on startup phase shown in Figure 2. When the active and standby controllers are powered on, the consistency of the static data between the active and standby controllers needs to be ensured, and the main controller reads its own flash The static data on the memory, the static data includes a logic project file and a configuration file, and then when a static data synchronization request from the standby controller is received, the static data is synchronized to the standby controller;
需要说明的是,主控制器通过总线或网络从外部获取静态数据 后,会将静态数据存储于自身的存储器中,在每次正常上电启动阶段,将会读取自身存储器中的静态数据,若读取不到时,则会从外部重新获取静态数据;It should be noted that after the main controller obtains static data from the outside through the bus or network, it will store the static data in its own memory, and will read the static data in its own memory every time it is normally powered on. If it cannot be read, the static data will be retrieved from the outside;
除静态数据之外,主控制器也将动态数据同步至备控制器,动态数据包括输入变量数据、全局变量数据和过程变量数据。其中输入变量数据由主控制器通过总线从外部设备(IO等)获取,全局变量数据一般为系统属性变量和时钟计数变量等,过程变量数据为逻辑运算过程的中间变量。当主备控制器的同步工作完成,可执行步骤S200的逻辑运算。需要说明的是,在上电启动过程中,如果需要向外输出结果数据(例如处理后生成的运算数据、指令数据等),则以主控制器所产生的要输出的结果数据为准进行输出。In addition to static data, the main controller also synchronizes dynamic data to the standby controller. The dynamic data includes input variable data, global variable data, and process variable data. The input variable data is obtained by the main controller from external devices (IO, etc.) through the bus. The global variable data is generally system attribute variables and clock count variables, etc., and the process variable data is an intermediate variable in the logic operation process. When the synchronization work of the main and standby controllers is completed, the logical operation of step S200 may be executed. It should be noted that during the power-on startup process, if the result data (such as the operation data generated after processing, the instruction data, etc.) needs to be output externally, the result data to be output generated by the main controller shall prevail. .
参见如图3所示的工程下装阶段主备控制器数据同步过程示意图,当本主备控制器需要更换新的控制工程时(如升级、或版本更换等),在新工程下装阶段中,也需保证主备控制器之间逻辑工程文件和配置文件的一致性,可以通过同时下装给主备控制器,或下装给其中一个控制器,然后通过主备控制器之间高速数据通道同步给对端机,本发明的优选实施例中,仍然选择将逻辑工程文件和配置文件下装到主控制器,然后再由主控制器同步至备控制器,以保证主备控制器的静态数据的一致;Refer to the schematic diagram of the data synchronization process of the active and standby controllers in the download stage of the project as shown in Figure 3. When the active and standby controllers need to be replaced with a new control project (such as upgrade, or version replacement, etc.), in the download stage of the new project , It is also necessary to ensure the consistency of the logic project file and configuration file between the active and standby controllers. It can be downloaded to the active and standby controllers at the same time, or downloaded to one of the controllers, and then through the high-speed data between the active and standby controllers. The channel is synchronized to the opposite terminal. In the preferred embodiment of the present invention, the logical project file and configuration file are still selected to be downloaded to the main controller, and then the main controller is synchronized to the standby controller to ensure the main and standby controllers. Consistency of static data;
上述静态数据的同步完成之后,主控制器会将获取的动态数据(输入变量数据和运算过程量数据)同步至备控制器,使主备控制器的工程下装的准备工作完成,可执行步骤S200的逻辑运算。后文将对图3所示的工程下装的过程进一步详细说明。After the synchronization of the above static data is completed, the main controller will synchronize the acquired dynamic data (input variable data and calculation process data) to the standby controller, so that the preparation work for the main and standby controllers is completed, and the steps can be performed S200 logic operation. The process of downloading the project shown in Figure 3 will be described in further detail later.
上述静态数据和动态数据中的运算过程量数据(全局变量数据、过程变量数据),在上电启动阶段或工程下装阶段,均需要进行主备控制器之间的同步,以确保主备控制器数据的一致性。The calculation process data (global variable data, process variable data) in the above static data and dynamic data needs to be synchronized between the main and standby controllers during the power-on and start-up phase or the project download phase to ensure the main and standby control The consistency of the device data.
需要说明的是,当备控制器在特定时间内未收到主控制器发送的静态数据和动态数据时,备控制器需要自行从外部中获取相关数据,并启动切换仲裁逻辑步骤。It should be noted that when the standby controller does not receive the static data and dynamic data sent by the main controller within a certain period of time, the standby controller needs to obtain relevant data from the outside by itself, and initiate the switch arbitration logic step.
S200:主、备控制器分别将所述输入变量数据进行逻辑运算;S200: The main controller and the standby controller respectively perform logic operations on the input variable data;
参见如图4所示的正常循环周期主备控制器数据同步过程示意图,当该主备冗余控制处于正常循环周期阶段,在每个相同的循环周期起始时,由主控制器通过总线获取来自外部设备的输入变量数据,并将该输入变量数据同步至备控制器,以由主备控制器分别对输入变量数据执行逻辑运算。Refer to the schematic diagram of the data synchronization process of the master and backup controllers in the normal cycle as shown in Figure 4. When the master and backup redundancy control is in the normal cycle phase, at the beginning of each same cycle, the master controller obtains it through the bus Input variable data from an external device, and synchronize the input variable data to the standby controller, so that the main and standby controllers perform logical operations on the input variable data respectively.
S300:对主备控制器各自的逻辑运算的结果进行一致性判断,当判断为一致时,主控制器向外部输出结果数据,并返回步骤S200,进入下一个周期。S300: Perform consistency judgment on the results of the respective logic operations of the main and standby controllers. When the judgment is consistent, the main controller outputs the result data to the outside, and returns to step S200 to enter the next cycle.
后文将对图4示出的正常循环周期主备控制器数据同步过程(即步骤S200-S300所述的步骤)进一步详细说明。The data synchronization process of the active and standby controllers in the normal cycle shown in FIG. 4 (that is, the steps described in steps S200-S300) will be described in further detail below.
由上可以看出,本发明使备控制器从主控制器处获取外部的输入变量数据,并同步进行逻辑运算以及逻辑运算结果的一致性判定,保证主备控制器读取到相同的输入变量数据,从而保证主备控制器的一致性,避免背景技术中所提到的技术问题。It can be seen from the above that the present invention enables the standby controller to obtain external input variable data from the main controller, and synchronize the logic operation and the consistency determination of the logic operation result to ensure that the main and standby controllers read the same input variable. Data, so as to ensure the consistency of the main and standby controllers and avoid the technical problems mentioned in the background art.
上述主要描述了本发明主备控制器之间的数据同步方法,下面对本发明的主备切换仲裁逻辑进行介绍。在上述上电启动阶段、工程下装阶段或者正常循环周期阶段,当备控制器在特定时间内未收到主控制器同步的数据(静态数据或动态数据)时,此时,备控制器加载从总线所获取的数据(静态数据和动态数据),并启动切换仲裁逻辑步骤;并且,主备控制器之间也会通过状态通信通道周期性向对方传递自身状态信息,并在状态信息异常时启动切换仲裁逻辑。The above mainly describes the data synchronization method between the main and standby controllers of the present invention, and the arbitration logic of the main and standby switching of the present invention is introduced below. In the above-mentioned power-on start phase, project download phase or normal cycle phase, when the standby controller does not receive the data (static data or dynamic data) synchronized by the main controller within a certain period of time, at this time, the standby controller loads The data (static data and dynamic data) obtained from the bus, and start the switch arbitration logic step; and between the main and standby controllers will periodically transmit their own status information to the other party through the status communication channel, and start when the status information is abnormal Switch the arbitration logic.
其中,所述状态信息包括关键任务运行状态、逻辑任务运行状态、与HMI通信状态、与IO通信状态、与其他控制站之间的通信状态、与对端机通信状态等,该状态信息作为主备切换仲裁的依据,且该状态信息可根据具体系统自定义,本发明的实施例中,状态信息的权重如下:Wherein, the status information includes key task running status, logical task running status, communication status with HMI, communication status with IO, communication status with other control stations, communication status with peer machine, etc., and the status information is used as the main The basis for the standby handover arbitration, and the status information can be customized according to the specific system. In the embodiment of the present invention, the weight of the status information is as follows:
与对端机通信>逻辑任务>与IO通信>与其他控制站通信>与HMI通信状态;另外,除了权重之外,各个状态信息还可 以设置不同的优先级。Communication with the peer machine>Logic task>Communication with IO>Communication with other control stations>Communication status with HMI; In addition, in addition to the weight, each status information can also be set with different priorities.
上述状态信息的权重主要用于互为冗余的主备控制器均有故障时,提供一种机制保证系统能做出主备切换仲裁,以上权重顺序仅为一般系统的建议顺序,可以根据具体系统和应用进行调整。The weight of the above status information is mainly used to provide a mechanism to ensure that the system can make the switch arbitration when the active and standby controllers that are redundant with each other are faulty. The above weight sequence is only the recommended sequence of the general system, and can be based on the specific System and application adjustments.
其中,主备控制器均处于运行正常情况下,主备控制器之间通过状态通信通道以周期加变化同步的方式传递自身状态信息,此信息类似心跳信号,以供对端机判定自身的活跃性;当诊断到自身状态信息发生变化时,则变更状态信息并第一时间发送给对端机,双方根据最新的状态信息和权重做出主备切换仲裁,并调整各自主备状态;上述主备控制器之间状态通信通道必须可靠,当多周期未获取到对端机状态信息时,则判定对端机运行异常,如果本机为主控制器,做备控制器异常告警,如果本机为备控制器,则通过状态通信通道、主备高速数据通道向对端机发送本机升主消息,然后升为主控制器,对端机则降为备控制器,完成主备切换。Among them, when the active and standby controllers are in normal operation, the active and standby controllers transmit their own state information through the state communication channel in a cycle and change synchronization manner. This information is similar to a heartbeat signal for the peer computer to determine its own activity. When it is diagnosed that its own status information has changed, the status information is changed and sent to the opposite terminal as soon as possible. The two parties make the master/backup switch arbitration according to the latest status information and weight, and adjust their respective master/backup status; The state communication channel between the standby controllers must be reliable. When the state information of the peer machine is not obtained in multiple cycles, it is determined that the peer machine is running abnormally. If the machine is the master controller, the standby controller will alarm if the machine is abnormal. As the standby controller, it sends a message to the peer machine to become the master controller through the status communication channel and the master/backup high-speed data channel, and then becomes the master controller, and the peer machine becomes the backup controller to complete the master/backup switch.
本实施例中的主备切换仲裁模式支持单机模式、双主机模式、双备机模式,具体可根据具体系统进行选择,除此之外,主备切换仲裁过程中的检测未获取到对端机状态信息的次数,以及发送本机升主消息到本机执行升主动作的时间延迟,需要根据具体系统的时间承受力进行设定。The active-standby switching arbitration mode in this embodiment supports single-machine mode, dual-master mode, and dual-standby mode, which can be selected according to the specific system. In addition, the detection during the main-standby switching arbitration process does not obtain the peer machine The number of times of status information and the time delay from sending the host upgrade message to the host performing the host upgrade action need to be set according to the time endurance of the specific system.
如图5示出了主备切换仲裁的一个具体的实施例,包括以下步骤:Figure 5 shows a specific embodiment of the master-slave handover arbitration, which includes the following steps:
S501-502:本机和对端机通过状态通信通道周期性传递自身状态信息,当任何一方诊断到自身状态信息发生变化时,首先判断对端机是否下线,若下线,执行步骤S503;若未下线,执行步骤S508;S501-502: The local machine and the peer machine periodically transmit their own state information through the state communication channel. When either party diagnoses that its state information has changed, it first determines whether the peer machine is offline, and if it goes offline, go to step S503; If it is not offline, execute step S508;
S503-504:对于对端机下线的情况,复位切换锁定标志、网络连接状态标注及其他一些状态标志;S503-504: For the case where the peer machine goes offline, reset the handover lock flag, network connection status label and other status flags;
S505-507:判断本机角色,若本机为备控制器,则将备控制器切换为主控制器进行工作,并结束本次主备切换仲裁任务;若本机为主控制器,则作备控制器异常报警提示,并结束本次主备切换仲裁 任务;S505-507: Determine the role of the local machine. If the machine is the standby controller, switch the standby controller to the main controller to work, and end the arbitration task of the main-standby switchover; if the local machine is the main controller, then Standby controller abnormal alarm prompt, and end the arbitration task of this master/standby switchover;
S508-511:对于对端机未下线的情况,判定当前心跳数据队列上是否有心跳数据包,若有心跳数据包,则读取心跳数据队列上的软心跳数据包,并更新对端机的分散处理单元(DPU)状态;若无心跳数据包,则查看对端机和本机的切换锁定状态,若有一方为锁定状态,则结束本次主备切换仲裁任务,否则执行步骤S512;S508-511: For the case that the peer machine is not offline, determine whether there is a heartbeat data packet on the current heartbeat data queue. If there is a heartbeat data packet, read the soft heartbeat data packet on the heartbeat data queue and update the peer machine If there is no heartbeat data packet, check the switching lock status of the peer machine and the local machine, if one of the parties is in the locked state, end the current master-slave switching arbitration task, otherwise go to step S512;
S512-513:对于本机和对端机均未锁定的情况,则依据算法计算自身的健康值及对端机的健康值,并根据双机状态执行后续步骤;S512-513: In the case that both the local machine and the peer machine are not locked, calculate the health value of its own and the health value of the peer machine according to the algorithm, and perform the subsequent steps according to the status of the two machines;
S514-516:若采用的为双备机模式,判断本机的IP状态大小值,若为小IP状态,则将本机切换为主控制器,并复位裁决标志,并结束本次主备切换仲裁任务,若本机为大IP状态,则无需切换,结束本次主备切换仲裁任务;S514-516: If the dual-standby mode is adopted, determine the value of the IP status of the local machine. If it is a small IP state, switch the local machine to the main controller, reset the judgment flag, and end the current main-standby switchover Arbitration task, if the machine is in the big IP state, there is no need to switch, and the arbitration task of this master-slave switchover is ended;
S517:若采用的为一主一备模式,则需判断本机的健康状态;S517: If the one-master one-standby mode is adopted, the health status of the machine needs to be judged;
S518-521:当本机的健康状态差于对端机,若本机为主控制器,则发送切换指令,切换为备控制器,将原备控制器升主;若本机为备控制器,则作备控制器异常报警提示,并结束本次主备切换仲裁任务;S518-521: When the health status of the local machine is worse than that of the peer machine, if the machine is the master controller, it will send a switch command to switch to the backup controller, and the original backup controller will be upgraded to the master; if the machine is the backup controller , It will be used as a warning reminder of the abnormality of the standby controller, and the arbitration task of this master/standby switchover will be ended;
S522-525:当本机的健康状态好于对端机,若本机为备控制器,则接收切换指令,将备控制器切换为主控制器,并结束本次主备切换仲裁任务,若本机为主控制器,则作备控制器异常报警提示,并结束本次主备切换仲裁任务;S522-525: When the health status of the local machine is better than that of the peer machine, if the machine is the standby controller, it will receive the switching instruction, switch the standby controller to the main controller, and end the arbitration task of the main-standby switchover. If this machine is the main controller, it will alert the abnormal alarm of the standby controller, and end the arbitration task of the main/standby switchover;
S526-530:若采用的为双主机模式,首先判断本机健康状态,若差于对端机,则将本机切换为备控制器,并结束本次主备切换仲裁任务;若等于对端机,则判断本机的IP状态大小值,若为小IP,则无需切换,并结束本次主备切换仲裁任务,若为大IP,则切换为备控制器,并结束本次主备切换仲裁任务;若好于对端机,则保持主机状态不变。S526-530: If the dual-master mode is adopted, first judge the health status of the local machine. If it is worse than the peer machine, switch the machine to the standby controller and end the arbitration task of the master-standby switchover; if it is equal to the peer end If it is a small IP, then no need to switch, and end the arbitration task of the master/backup switch; if it is a large IP, switch to the backup controller and end the current master/backup switch Arbitration task; if it is better than the peer machine, keep the host state unchanged.
如图6示出了正常循环周期主备控制器数据同步过程的一个具体的实施例,包括以下步骤:Fig. 6 shows a specific embodiment of the data synchronization process of the active and standby controllers in the normal cycle period, which includes the following steps:
S601-602:一个周期起始时,由主控制器从总线读取自外部设备的输入变量数据存储至其缓冲区;S601-602: At the beginning of a cycle, the main controller reads the input variable data from the external device from the bus and stores it in its buffer;
此时,备控制器等待数据并计时开始,若超时,则会从总线读取自外部设备的输入变量数据存储至其缓冲区,若未超时,则会在该计时时限截止期内,备控制器会收到后续步骤S605主控制器所发送的数据,并使计时复位;At this time, the standby controller waits for the data and starts timing. If it times out, it will read the input variable data from the external device from the bus and store it in its buffer. The device will receive the data sent by the main controller in the subsequent step S605 and reset the timer;
S603-605:主控制器根据前一周期收到的来自备控制器的校验结果确定要同步到备控制器的数据,当所述校验结果为一致时,主控制器将所述输入变量数据发送至备控制器;当为不一致时,主控制器将全部动态数据,即全局变量、过程变量以及所述输入变量数据依次发送给备控制器;其中,全局变量数据、过程变量数据即为当前的运算过程量数据。S603-605: The main controller determines the data to be synchronized to the standby controller according to the check result from the standby controller received in the previous cycle. When the check result is consistent, the main controller sets the input variable The data is sent to the standby controller; when it is inconsistent, the main controller sends all dynamic data, namely global variables, process variables, and the input variable data to the standby controller in turn; among them, the global variable data and the process variable data are The current calculation process volume data.
S606-607:由主控制器向备控制器发送启动信号,并且,主控制器将输入变量数据进行逻辑运算;S606-607: The main controller sends a start signal to the standby controller, and the main controller performs logic operations on the input variable data;
S608:备控制器在收到主控制器发送的启动信号后,也将输入变量数据执行逻辑运算;上述启动信号作为备控制器启动执行逻辑运算的触发信号,使得主备控制器的逻辑运算过程在同一个周期内执行。S608: After the standby controller receives the start signal sent by the main controller, it also executes logic operation on the input variable data; the above start signal is used as the trigger signal for the standby controller to start the logic operation, so that the logic operation process of the main and standby controller Execute in the same cycle.
S609:主控制器对输入变量数据执行逻辑运算完成后,计算逻辑运算结果的数据校验值,并发送给备控制器;S609: After the main controller performs the logical operation on the input variable data, calculates the data check value of the logical operation result and sends it to the standby controller;
S610:备控制器将收到的该数据校验值与自己的由其逻辑运算结果计算的数据校验值进行一致性判断;S610: The standby controller judges the consistency between the received data check value and its own data check value calculated by the logical operation result;
S611:备控制器反馈比较结果至主控制器,S611: The standby controller feeds back the comparison result to the main controller,
S612-613:当逻辑运算结果的一致性判断为一致时,主控制器将逻辑运算的结果进行输出;不一致时,主控制器默认自己的逻辑运算的结果为正确结果,将该逻辑运算的结果进行输出,并发出主备运算结果不一致的告警信息;S612-613: When the consistency of the logic operation result is judged to be consistent, the main controller outputs the result of the logic operation; when it is inconsistent, the main controller defaults the result of its own logic operation to the correct result, and the result of the logic operation Perform output and issue an alarm message that the results of the main and standby operations are inconsistent;
然后,返回步骤S601,执行下一个周期。Then, return to step S601 to execute the next cycle.
值得说明的是,当一个或多个周期的逻辑运算结果的一致性判断 均为不一致时,当判定主备控制器的冗余控制出现异常,当采取适当手段进行异常处理,具体可容纳异常周期次数可根据具体系统进行设定。It is worth noting that when the consistency judgments of the logic operation results of one or more cycles are inconsistent, when it is judged that the redundant control of the main and standby controllers is abnormal, when appropriate measures are taken to deal with the abnormality, the specific abnormal period can be accommodated. The number of times can be set according to the specific system.
如图7示出了工程下装阶段主备控制器数据同步过程的一个具体的实施例,包括以下步骤:Figure 7 shows a specific embodiment of the data synchronization process of the active and standby controllers in the project download stage, including the following steps:
S701:上电阶段,主控制器获取外部设备的工程所需文件,备控制器从主控制器获取所述工程所需文件;S701: During the power-on phase, the main controller obtains the files required by the project of the external device, and the standby controller obtains the files required by the project from the main controller;
主备控制器的工程所需文件同步完成后,即可进行后续动态数据的同步及逻辑运算的执行;After the synchronization of the files required by the main and standby controllers is completed, the subsequent synchronization of dynamic data and execution of logic operations can be carried out;
S702-705:新工程下装时,由外部设备释放新工程下装的信号给主控制器,此时主控制需要切换为锁定状态,并停止当前动态数据(热数据)的获取和同步;S702-705: When the new project is downloaded, the external device releases the signal of the new project to the main controller. At this time, the main control needs to be switched to the locked state, and the current dynamic data (hot data) acquisition and synchronization should be stopped;
S706:主控制器从外部设备下载新的工程文件,当下载完成时,发送下装完成的信号至备控制器;S706: The main controller downloads a new project file from the external device, and when the download is completed, sends a signal of completion of the download to the standby controller;
S707-709:备控制器收到下装完成的信号后,切换为锁定状态,并从主控制器获取新的工程文件,同步完成后,发送同步完成应答信号至主控制器;S707-709: After the standby controller receives the signal that the download is complete, it switches to the locked state and obtains a new project file from the main controller. After synchronization is completed, it sends a synchronization completion response signal to the main controller;
S710:主控制器接收到同步完成应答信号后,解除切换锁定状态,准备进入下一阶段的动态数据同步;S710: After receiving the synchronization completion response signal, the main controller releases the switching lock state and prepares to enter the next stage of dynamic data synchronization;
S711:备控制器启动,解除切换锁定状态,等待获取主控制器的动态数据。S711: The standby controller is started, the switching lock state is released, and the dynamic data of the main controller is waited for.
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above are only the preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included in the present invention. Within the scope of protection.

Claims (11)

  1. 一种主备控制器的冗余控制方法,其特征在于,在每个正常的同步周期,包括步骤:A redundant control method for active and standby controllers is characterized in that, in each normal synchronization period, the method includes the following steps:
    A、主控制器获取外部输入变量数据;备控制器从主控制器获得所述输入变量数据;A. The main controller obtains external input variable data; the standby controller obtains the input variable data from the main controller;
    B、主、备控制器分别将所述输入变量数据进行逻辑运算;B. The main controller and the backup controller respectively perform logic operations on the input variable data;
    C、对逻辑运算的结果进行一致性判断,并在判断为一致时将结果作为输出数据输出。C. Perform consistency judgment on the result of logical operation, and output the result as output data when the judgment is consistent.
  2. 根据权利要求1所述的方法,其特征在于,The method of claim 1, wherein:
    步骤A还包括:所述备控制器从主控制器获得所述输入变量数据失败时,备控制器获取外部输入变量数据,并启动切换仲裁逻辑步骤。Step A also includes: when the standby controller fails to obtain the input variable data from the main controller, the standby controller obtains the external input variable data, and initiates the switch arbitration logic step.
  3. 根据权利要求2所述的方法,其特征在于,The method of claim 2, wherein:
    所述失败包括:备控制器在特定时间内未收到主控制器发送的所述输入变量数据。The failure includes: the standby controller does not receive the input variable data sent by the main controller within a specific time.
  4. 根据权利要求1所述的方法,其特征在于,步骤B包括:The method according to claim 1, wherein step B comprises:
    由主控制器向备控制器发送启动信号,且,主控制器将所述输入变量数据进行逻辑运算;The main controller sends a start signal to the standby controller, and the main controller performs logic operations on the input variable data;
    备控制器在收到所述启动信号后,将所述输入变量数据执行逻辑运算。After receiving the start signal, the standby controller executes logic operations on the input variable data.
  5. 根据权利要求1所述的方法,其特征在于,步骤C所述对逻辑运算的结果进行一致性判断的步骤包括:The method according to claim 1, wherein the step of determining the consistency of the result of the logical operation in step C comprises:
    主控制器将逻辑运算结果相关数据发送给备控制器,由备控制器将该逻辑运算结果相关数据与自己的逻辑运算结果相关数据进行一致性判断。The main controller sends the data related to the logic operation result to the backup controller, and the backup controller makes the consistency judgment of the data related to the logic operation result and its own logic operation result related data.
  6. 根据权利要求5所述的方法,其特征在于,The method of claim 5, wherein:
    所述逻辑运算结果相关数据包括根据包括逻辑运算结果计算的数据校验值。The data related to the result of the logical operation includes a data check value calculated according to the result of the logical operation.
  7. 根据权利要求1所述的方法,其特征在于,步骤C所述将结果输出的步骤包括:The method according to claim 1, wherein the step of outputting the result in step C comprises:
    由备控制器反馈给主控制器一致性信息后,由主控制器将结果输出。After the backup controller feeds back the consistency information to the main controller, the main controller outputs the result.
  8. 根据权利要求1所述的方法,其特征在于,步骤C所述结果不一致时,还包括:The method according to claim 1, wherein when the results of step C are inconsistent, the method further comprises:
    在执行下一周期的步骤B前,主控制器还将包括运算过程量的动态数据同步给备控制器,所述运算过程量用于所述逻辑运算。Before executing step B of the next cycle, the main controller also synchronizes the dynamic data including the calculation process value to the standby controller, and the calculation process value is used for the logic operation.
  9. 根据权利要求1所述的方法,其特征在于,在上电过程中或工程下装过程中还包括:The method according to claim 1, characterized in that, during the power-on process or the engineering download process, the method further comprises:
    在执行步骤A前,主控制器向备控制器进行静态数据同步、动态数据同步的步骤;Before performing step A, the main controller performs the steps of static data synchronization and dynamic data synchronization with the standby controller;
    所述静态数据包括逻辑工程文件、配置文件;The static data includes logical engineering files and configuration files;
    所述动态数据包括外部输入变量数据、运算过程量。The dynamic data includes external input variable data and calculation process quantity.
  10. 根据权利要求1所述的方法,其特征在于,还包括,主备控制器周期性传递自身状态信息,并在状态信息异常时启动切换仲裁逻辑步骤。The method according to claim 1, further comprising: the active and standby controllers periodically transmit their own status information, and start the switch arbitration logic step when the status information is abnormal.
  11. 根据权利要求2或10所述的方法,其特征在于,The method according to claim 2 or 10, wherein:
    所述仲裁逻辑依据至少下述之一进行主备切换仲裁:The arbitration logic is based on at least one of the following to perform active/standby switch arbitration:
    关键任务运行状态、逻辑任务运行状态、与HMI通信状态、与IO通信状态、与其他控制站之间的通信状态、与对端机通信状态;Key task running status, logic task running status, communication status with HMI, communication status with IO, communication status with other control stations, communication status with peer machine;
    上述不同的状态可设置不同的用于主备切换仲裁判断的权值和/或优先级。The above-mentioned different states can set different weights and/or priorities for the arbitration judgment of the master/slave switchover.
PCT/CN2019/108638 2019-08-27 2019-09-27 Redundancy control method for main and standby controllers WO2021035867A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910798407.6 2019-08-27
CN201910798407.6A CN112445127B (en) 2019-08-27 2019-08-27 Redundancy control method of master controller

Publications (1)

Publication Number Publication Date
WO2021035867A1 true WO2021035867A1 (en) 2021-03-04

Family

ID=74683982

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/108638 WO2021035867A1 (en) 2019-08-27 2019-09-27 Redundancy control method for main and standby controllers

Country Status (2)

Country Link
CN (1) CN112445127B (en)
WO (1) WO2021035867A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113625540A (en) * 2021-07-19 2021-11-09 交控科技股份有限公司 Dual-computer hot standby control method and device and dual-computer hot standby system
CN113835337A (en) * 2021-10-19 2021-12-24 中车株洲电力机车有限公司 Method and system for train network redundancy control
CN113917999A (en) * 2021-08-31 2022-01-11 湖南同有飞骥科技有限公司 Control panel redundancy switching and recovering method and device
CN114003014A (en) * 2021-09-30 2022-02-01 南京国电南自维美德自动化有限公司 Method and system for testing redundant switching time of controller
CN115199472A (en) * 2022-06-21 2022-10-18 大唐可再生能源试验研究院有限公司 Dual-redundancy electric control system of wind generating set and control method thereof
CN115296983A (en) * 2022-08-03 2022-11-04 青岛海信微联信号有限公司 Equipment management method and device, electronic equipment and storage medium
CN115408240A (en) * 2022-09-09 2022-11-29 中国兵器装备集团自动化研究所有限公司 Redundant system active/standby method, device, equipment and storage medium
CN117093423A (en) * 2023-10-18 2023-11-21 西安热工研究院有限公司 Data synchronization method and system between trusted DCS terminals, electronic equipment and storage medium
CN117573609A (en) * 2024-01-16 2024-02-20 宁波中控微电子有限公司 System-on-chip with redundancy function and control method thereof

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113655707B (en) * 2021-07-29 2023-12-12 浙江中控技术股份有限公司 Voting control method and device of safety instrument system and electronic device
CN113886148A (en) * 2021-10-28 2022-01-04 杭州和利时自动化有限公司 CPU diagnosis system, method, device and medium
CN114115053B (en) * 2021-11-30 2022-08-02 之江实验室 Method for confirming and switching master-standby mode between arbitration modules in mimicry industrial controller
CN115755573B (en) * 2023-02-11 2023-04-07 北京控达科技有限公司 Design method for project issuing, synchronization and switching of 2oo3 redundancy architecture
CN116661331B (en) * 2023-08-02 2023-09-26 成都正扬博创电子技术有限公司 Redundant flight control computer system utilizing software and hardware cooperation

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008299470A (en) * 2007-05-30 2008-12-11 Ihi Corp Dual redundant system and method of sharing data thereof
CN201909961U (en) * 2010-05-18 2011-07-27 北京捷世伟业电子科技有限公司 Redundancy control system
CN103841210A (en) * 2014-03-21 2014-06-04 上海富欣智能交通控制有限公司 Adjustable main system and spare system data synchronization method
WO2014161986A1 (en) * 2013-04-04 2014-10-09 Phoenix Contact Gmbh & Co.Kg Control and data transfer system for redundant process control and method for firmware updating
CN104360916A (en) * 2014-11-20 2015-02-18 上海富欣智能交通控制有限公司 Main and spare synchronization method based on data synchronization
US20150256321A1 (en) * 2014-03-04 2015-09-10 Electronics And Telecommunications Research Institute Airplane system and control method thereof
CN105974879A (en) * 2016-06-27 2016-09-28 北京广利核系统工程有限公司 Redundancy control equipment of digital instrument control system, digital instrument control system and control method
EP3118694A1 (en) * 2015-07-13 2017-01-18 Siemens Aktiengesellschaft Method for operating a redundant automation system and redundant automation system
CN107300851A (en) * 2016-04-14 2017-10-27 南京南瑞继保电气有限公司 A kind of logical algorithm unperturbed update method of redundancy control system
CN109991899A (en) * 2019-04-01 2019-07-09 上海电气泰雷兹交通自动化系统有限公司 Half dynamic synchronization method of data between the active and standby controller of Rail Transit System

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192972A (en) * 2006-11-23 2008-06-04 中兴通讯股份有限公司 Detection method for master/slave data consistency
CN103455005B (en) * 2013-09-06 2015-07-22 北京四方继保自动化股份有限公司 Controller redundancy and switching method
KR101702945B1 (en) * 2014-12-17 2017-02-06 삼성중공업 주식회사 Distributed control system and control method thereof
CN106444354A (en) * 2015-08-11 2017-02-22 南京理工大学 Double-CPU redundant controller
CN205158001U (en) * 2015-11-05 2016-04-13 上海科泰电源股份有限公司 Redundant control system of special high -pressure diesel generating set of data center
CN105550076B (en) * 2015-12-03 2020-02-07 北京小鸟科技股份有限公司 Image splicing control system and redundant hot backup method thereof
CN107065830A (en) * 2017-05-03 2017-08-18 北京电子工程总体研究所 A kind of dual redundant hot backup system based on arbitration mode
CN207406418U (en) * 2017-10-27 2018-05-25 深圳海汇科技有限公司 A kind of generator set controller for possessing redundancy control capability
CN110095975A (en) * 2018-01-31 2019-08-06 株洲中车时代电气股份有限公司 A kind of redundancy control system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008299470A (en) * 2007-05-30 2008-12-11 Ihi Corp Dual redundant system and method of sharing data thereof
CN201909961U (en) * 2010-05-18 2011-07-27 北京捷世伟业电子科技有限公司 Redundancy control system
WO2014161986A1 (en) * 2013-04-04 2014-10-09 Phoenix Contact Gmbh & Co.Kg Control and data transfer system for redundant process control and method for firmware updating
US20150256321A1 (en) * 2014-03-04 2015-09-10 Electronics And Telecommunications Research Institute Airplane system and control method thereof
CN103841210A (en) * 2014-03-21 2014-06-04 上海富欣智能交通控制有限公司 Adjustable main system and spare system data synchronization method
CN104360916A (en) * 2014-11-20 2015-02-18 上海富欣智能交通控制有限公司 Main and spare synchronization method based on data synchronization
EP3118694A1 (en) * 2015-07-13 2017-01-18 Siemens Aktiengesellschaft Method for operating a redundant automation system and redundant automation system
CN107300851A (en) * 2016-04-14 2017-10-27 南京南瑞继保电气有限公司 A kind of logical algorithm unperturbed update method of redundancy control system
CN105974879A (en) * 2016-06-27 2016-09-28 北京广利核系统工程有限公司 Redundancy control equipment of digital instrument control system, digital instrument control system and control method
CN109991899A (en) * 2019-04-01 2019-07-09 上海电气泰雷兹交通自动化系统有限公司 Half dynamic synchronization method of data between the active and standby controller of Rail Transit System

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113625540A (en) * 2021-07-19 2021-11-09 交控科技股份有限公司 Dual-computer hot standby control method and device and dual-computer hot standby system
CN113917999A (en) * 2021-08-31 2022-01-11 湖南同有飞骥科技有限公司 Control panel redundancy switching and recovering method and device
CN114003014A (en) * 2021-09-30 2022-02-01 南京国电南自维美德自动化有限公司 Method and system for testing redundant switching time of controller
CN114003014B (en) * 2021-09-30 2023-12-26 南京国电南自维美德自动化有限公司 Method and system for testing redundant switching time of controller
CN113835337A (en) * 2021-10-19 2021-12-24 中车株洲电力机车有限公司 Method and system for train network redundancy control
CN113835337B (en) * 2021-10-19 2023-07-11 中车株洲电力机车有限公司 Train network redundancy control method and system
CN115199472A (en) * 2022-06-21 2022-10-18 大唐可再生能源试验研究院有限公司 Dual-redundancy electric control system of wind generating set and control method thereof
CN115296983A (en) * 2022-08-03 2022-11-04 青岛海信微联信号有限公司 Equipment management method and device, electronic equipment and storage medium
CN115408240A (en) * 2022-09-09 2022-11-29 中国兵器装备集团自动化研究所有限公司 Redundant system active/standby method, device, equipment and storage medium
CN117093423A (en) * 2023-10-18 2023-11-21 西安热工研究院有限公司 Data synchronization method and system between trusted DCS terminals, electronic equipment and storage medium
CN117093423B (en) * 2023-10-18 2024-01-30 西安热工研究院有限公司 Data synchronization method and system between trusted DCS terminals, electronic equipment and storage medium
CN117573609A (en) * 2024-01-16 2024-02-20 宁波中控微电子有限公司 System-on-chip with redundancy function and control method thereof

Also Published As

Publication number Publication date
CN112445127A (en) 2021-03-05
CN112445127B (en) 2022-03-18

Similar Documents

Publication Publication Date Title
WO2021035867A1 (en) Redundancy control method for main and standby controllers
CN108023809B (en) System and method for enabling control of a device in a process control system
EP3026515B1 (en) Programmable controller system
EP2705619A1 (en) Network and method for implementing a high-availability grand master clock
JP2010044782A (en) Method and system for establishing redundancy context in process control system with first and second application stations, method and system for maintaining/managing redundancy context in the same process control system, machine accessible medium with data, redundant application station system, and method of changing configuration of application station
JP2004046599A (en) Fault tolerant computer system, its resynchronization method, and resynchronization program
CN102724083A (en) Degradable triple-modular redundancy computer system based on software synchronization
CN101609421B (en) Duplexed operation processor control system, and duplexed operation processor control method
JP3882783B2 (en) Programmable controller, CPU unit, communication unit and communication unit control method
CN100377083C (en) Starting control method, duplex platform system, and information processor
CN116319618A (en) Switch operation control method, device, system, equipment and storage medium
JPH11184825A (en) Cluster system
CN114326366A (en) Soft redundancy control system and configuration method thereof
US8005357B2 (en) Optical transmission apparatus
JP2020021341A (en) Redundant system
US20050102586A1 (en) Fail-operational global time reference in a redundant synchronous data bus system
US20220350706A1 (en) Computing device, redundant system, program, and method for constructing redundant configuration
CN110830591B (en) Information synchronization method, system, electronic equipment and storage medium
CN112751693B (en) Data processing method and device of distributed storage system and electronic equipment
JP3394189B2 (en) Uninterrupted update system for program / data of any processor
JPH0462081B2 (en)
US9992010B2 (en) System and method for augmenting duplexed replicated computing
CN115421971B (en) ETCD disaster recovery fault recovery method and application
JP2014154056A (en) Redundant system and active device determination method
CN115803692A (en) Method for operating a redundant automation system and redundant automation system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19943290

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 04.07.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19943290

Country of ref document: EP

Kind code of ref document: A1