Network Management
Simple Boot-Up
CANopen allows the distributed network to boot in a very simple way. After initialization, the modules are automatically in the Pre-Operational state. In this state it is already possible to access the object directory using service data objects (SDOs) with default identifiers, so that the modules can be configured. Since default settings exist for all the entries in the object directory, it is in most cases possible to omit any explicit configuration.
Only one CAN message is then required to start the module: Start_Remote_Node: Identifier 0, two data bytes: 0x01, 0x00. It switches the node into the Operational state.
Network Status
Network Status
The states and the state transitions involved as CANopen boots up can be seen from the state diagram:
Pre-Operational
After initialization the Bus Coupler goes automatically (i.e. without the need for any external command) into the Pre-Operational state. In this state it can be configured, since the service data objects (SDOs) are already active. The process data objects, on the other hand, are still locked.
Operational
In the Operational state the process data objects are also active.
If external influences (such as a CAN error, or absence of output voltage) or internal influences (such as a K-Bus error) mean that it is no longer possible for the Bus Coupler to set outputs, to read inputs or to communicate, it attempts to send an appropriate emergency message, goes into the fault state, and thus returns to the Pre-Operational state. In this way the NMT status machine in the network master can also immediately detect fatal errors.
Stopped
In the Stopped state (formerly: Prepared) data communication with the Coupler is no longer possible - only NMT messages are received. The outputs go into the fault state.
State Transitions
State Transitions
The network management messages have a very simple structure: CAN identifier 0, with two bytes of data content. The first data byte contains what is known as the command specifier (cs), and the second data byte contains the node address, the node address 0 applying to all nodes (broadcast).
11 bit identifier | 2 bytes of user data | |||||||
0x00 | cs | Node-ID |
|
|
|
|
|
|
The following table gives an overview of all the CANopen state transitions and the associated commands (command specifier in the NMT master telegram):
Status transition | Command Specifier cs | Explanation |
|---|---|---|
(1) | - | The initialization state is reached automatically at power-up |
(2) | - | After initialization the pre-operational state is reached automatically - this involves sending the boot-up message. |
(3), (6) | cs = 1 = 0x01 | Start_Remote_Node. |
(4), (7) | cs = 128 = 0x80 | Enter_Pre-Operational. Stops PDO transmission, SDO still active. |
(5), (8) | cs = 2 = 0x02 | Stop_Remote_Node. |
(9), (10), (11) | cs = 129 = 0x81 | Reset_Node. Carries out a reset. All objects are reset to their power-on defaults. |
(12), (13), (14) | cs = 130 = 0x82 | Reset_Communication. Carries out a reset of the communication functions. Objects 0x1000 - 0x1FFF are reset to their power-on defaults. |
Example 1
The following telegram puts all the modules in the network into the error state (outputs in a safe state):
11 bit identifier | 2 bytes of user data | |||||||
0x00 | 0x02 | 0x00 |
|
|
|
|
|
|
Example 2
The following telegram resets node 17:
|
11 bit identifier |
2 bytes of user data | |||||||
|
0x00 |
0x81 |
0x11 |
|
|
|
|
|
|
Boot-up message
Boot-up message
After the initialization phase and the self test, the Bus Coupler sends the boot-up message, a CAN message with no data bytes and with the identifier of the emergency message: CAN-ID = 0x700 + Node-ID. In this way temporary failure of a module during operation (e.g. due to a voltage interruption), or a module that is switched on at a later stage, can be reliably detected, even without Node Guarding. The sender can be determined from the message identifier (see default identifier allocation).
It is also possible, with the aid of the boot-up message, to recognize the nodes present in the network at start-up with a simple CAN monitor, without having to make write access to the bus (such as a scan of the network by reading out parameter 0x1000).
Finally, the boot-up message communicates the end of the initialization phase; the Bus Coupler signals that it can now be configured or started.
 | Firmware BA Up to firmware status BA the emergency identifier was used for the boot up message. |
Format of the Boot-up message
|
11 bit identifier |
1 byte of user data | |||||||
|
0x700 (=1792) + Node-ID |
0x00 |
|
|
|
|
|
|
|
Node Monitoring
Node Monitoring
Heartbeat and guarding mechanisms are available to monitor failures in the CANopen network. These are of particular importance for CANopen, since modules do not regularly speak in the event-driven mode of operation. In the case of "guarding", the devices are cyclically interrogated about their status by means of a data request telegram (remote frame), whereas with "heartbeat" the nodes transmit their status on their own initiative.
Guarding: Node Guarding and Life Guarding
Guarding
Node Guarding is used to monitor the non-central peripheral modules, while they themselves can use Life Guarding to detect the failure of the guarding master. Guarding involves the master sending remote frames (remote transmit requests) to the guarding identifier of the slaves that are to be monitored. These reply with the guarding message. This contains the slave’s status code and a toggle bit that has to change after every message. If either the status or the toggle bit do not agree with that expected by the NMT master, or if there is no answer at all, the master assumes that there is a slave fault.
Guarding procedure
Protocol
Protocol
The toggle bit (t) transmitted in the first guarding telegram has the value 0. After this, the bit must change (toggle) in every guarding telegram so that the loss of a telegram can be detected. The node uses the remaining seven bits to transmit its network status (s):
s | Status |
|---|---|
4 = 0x04 | Stopped (formerly: prepared) |
5 = 0x05 | Operational |
127 = 0x7F | Pre-Operational |
Example
The guarding message for node 27 (0x1B) must be requested by a remote frame having identifier 0x71B (1819dec). If the node is Operational, the first data byte of the answer message alternates between 0x05 and 0x85, whereas in the Pre-Operational state it alternates between 0x7F and 0xFF.
Guard time and life time factor
If the master requests the guard messages in a strict cycle, the slave can detect the failure of the master. In this case, if the slave fails to receive a message request from the master within the set Node Life Time (a guarding error), it assumes that the master has failed (the watchdog function). It then puts its outputs into the error state, sends an emergency telegram, and returns to the pre-operational state. After a guarding time-out the procedure can be re-started by transmitting a guarding telegram again.
The node life time is calculated from the guard time (object 0x100C) and life time factor (object 0x100D) parameters:
Life time = guard time x life time factor
If either of these two parameters is "0" (the default setting), the master will not be monitored (no life guarding).
Heartbeat: Node Monitoring without Remote Frame
Heartbeat
In the heart beat procedure, each node transmits its status message cyclically on its own initiative. There is therefore no need to use remote frames, and the bus is less heavily loaded than under the guarding procedure.
The master also regularly transmits its heartbeat telegram, so that the slaves are also able to detect failure of the master.
Heartbeat procedure
Protocol
The toggle bit is not used in the heart beat procedure. The nodes send their status cyclically (s). See Guarding.