Error Reactions

Failure of a slave

If a slave does not respond or the response is faulty, the master repeats the telegram several times until the Max Retry limit is reached (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Bus Parameter dialog). If a faulty telegram is received, the master repeats immediately, in the event of a timeout the master waits for a response from the slave until the Slot time has elapsed (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Bus Parameters dialog). At 12 Mbit/s, a slot time of 1000 bit-periods and a max retry limit of 4 (default values) then a Data_Exchange telegram will delay sending the following telegram by

TDelay = (4 x ((15 + number of outputs) x 11 + 1000) - (15 + number of inputs) x 11)/12 µs

The DpState of the slave is set to 0x02 (timeout) or 0x0B (faulty telegram). The effect on the DP connection can be set (see below).

Normal DP cycle (12 Mbit/s, 5 slaves, 20 bytes I, 20 bytes O per slave on average)

Normal DP cycle

first occurrence of a faulty DP cycle (slave 3 does not answer)

First occurrence of a faulty DP cycle

subsequent DP cycles (slave 3 no longer in the polling list)

Following DP cycles

It can still happen that the slave answers incorrectly (e.g. because, as a result of a local event on the slave, the DP connection has been removed). In this case, the telegram is not repeated, but the system continues by sending the next telegram. The DpState is set to a value other than 0, the slave is removed from the polling list and is no longer addressed in the following DP cycle (which means that the time at which the following telegram is sent changes), until the DP connection can be established again.

Reactions in the master

The master's reactions can be set differently for each slave (see the tab for the slave's Features).

Effect on the DP connection (NoAnswer reaction) if the slave either does not answer or does not answer correctly

This specifies whether the DP connection to the slave should be removed immediately in the absence of a correct reception telegram, or only after the DP watchdog time has elapsed (see the slave's PROFIBUS tab).

1.: If the DP connection is to be removed immediately (Leave Data Exch, default setting) the slave is removed from the polling list and is no longer addressed in the following DP cycles until the DP connection is established once again. In order to re-establish the DP connection to the slave, at least 7 telegrams are sent, and the process generally requires at least 10-20 ms.

2.: If the DP connection is only to be removed when the slave has not answered (or not answered correctly) within the DP watchdog time (Stay in Data-Exch (for WD-Time)), a further attempt is made in the next polling cycle to address the slave, but if the slave does not answer, a repeat is not sent.

The "Stay in Data-Exch (for WD-Time))" (2.) setting makes sense if the PROFIBUS cycle is to continue to operate at the most regular possible period even if a slave fails, and if the failure of a slave for one or more cycles can be tolerated (e.g. in the DP/MC (Equidistant) operation mode). In this case the DP watchdog time for the slave should be set according to the tolerable outage time of the slave, and the Max Retry limit (DX) (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Bus Parameters dialog) should be set to 0.

Normal DP cycle (12 Mbit/s, 5 slaves, on average 20 bytes I, 20 bytes O per slave) in mode "Stay in Data Exch (for WD time)"

Normal DP cycle for Stay in Data Exch (for WD time)

first faulty and subsequent DP cycles in the "Stay in Data-Exch (for WD-Time)" mode (slave 3 does not respond)

profibus-zyklus ausfall eines slaves mit stay in data-exch

First faulty and subsequent DP cycles for Stay in Data Exch (for WD time)

Changes of the slave's input data if the slave does not respond correctly

Here you can specify whether the input data of the slave are set to 0 if the slave fails ("Inputs will be set to 0", default setting) or whether the old value should be retained ("No changes"). In either case the DpState of the slave is set to value other than 0, so that the task can always recognize whether or not the data is valid. If a slave gives a faulty answer, the input data is always set to 0, independently of the setting of Changes of the Input Data.

Setting the slave's restart behavior if the DP connection to the slave is removed

This specifies whether the DP connection to slave whose DP connection has been removed is automatically re-established, or whether this should be done manually as a result of a call to ADS-WriteControl (see ADS-Interface).

The reaction of the master if the DP connection to the slave is removed

This specifies whether removing the DP connection to a slave has no other effects (No Reaction, the default setting), or whether the master should enter the STOP state, thus removing the DP connections to all the slaves.

Effect on the state of the master (Clear mode), if the DP connection to the slave is removed

Clear mode (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Fault Settings dialog) can be used to specify that the master should switch to or remain in "Clear" state, as long as at least one MC slave (setting: "Only MC slaves") or any slave (setting: "All slaves") does not respond correctly (i.e. has a DpState not equal 0).

The Reaction of the Master setting (see the slave's Features tab), which was described in the previous chapter, has priority over the Auto-Clear mode, so that when an appropriately set slave fails, the Master enters the STOP state.

Failure of the master

Monitoring in the PLC/IO task

In the event of persistent bus faults, the DP cycle also may extend up to 100 ms, even with 12 Mbit/s. In order to monitor the DP master, there is a status variable CycleCounter, and this can be linked in the PLC (see the Master Diagnostics chapter). This variable is incremented by the master after each DP cycle, so that failure of the master can be detected by monitoring this variable in the PLC.

Monitoring in the slave

In order to monitor failure of the master and data transmission on the PROFIBUS, a watchdog (see the box's PROFIBUS tab) can be activated (default setting: watchdog activated with 200 ms). The Watchdog must be set to at least twice the maximum Estimated Cycle Time and Cycle Time (see "FC310x" tab (for TwinCAT 2.8 or TwinCAT 2.9) of the master).

Failure of the PLC/IO task

A distinction is made between a PLC stop, reaching a break point and a task stop (the I/O task and NC task are only stopped when the entire system stops). In the case of a PLC stop, the output data is set to 0 by the PLC, whereas when a breakpoint is reached the data initially remains unchanged.

In the master, the task is monitored with a monitoring time (TwinCAT 2.8: according to the setting Clear Delay x task cycle time on the PROFIBUS tab of the master, TwinCAT 2.9: according to the setting Task Watchdog x task cycle time in the Fault Settings dialog). If no new data transfer takes place within this monitoring time, the master switches to "Clear" state according to the setting Reaction on PLC Stop or Reaction on Task Stop (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Fault Settings dialog) (outputs are set to 0 or safe state (Fail_Safe = 1 in the GSD file, default setting) or remains in "Operate" state (outputs retain the last value). The "Operate" setting is valuable when the outputs should not be cleared when a breakpoint is reached in the PLC. However, if the PLC stops, the outputs will still be set to 0 (by the PLC), even if the master remains in the "Operate" state. It should, however, be noted that the outputs will only be zeroed if the previous DP cycle is completed in time (see the Synchronization chapter). It should therefore only be set during the commissioning phase.

Failure of the host

To monitor a host crash (e.g. blue screen on a PC), a watchdog time can be set (TwinCAT 2.8: see FC310x tab of the master, TwinCAT 2.9: see Fault Settings dialog). If this watchdog timer elapses, the master enters the OFFLINE state, so that the DP connections to all the slaves are removed, and the master logs off from the PROFIBUS, ceasing to carry out bus accesses.

Start-up behavior

The DP connections to all the slaves are established when the TwinCAT system starts up. Until the highest priority task that is involved has not been started, the master still does not send any Data_Exchange telegrams even after the DP connection has been established, and sends only diagnostic telegrams. As soon as the highest priority task has transferred data once, and the DP connection for the corresponding DP slave has been established, the master cyclically (with the highest priority assigned task) sends one Data_Exchange telegram to each of the corresponding slaves.

In addition, the Operate Delay and Clear Mode settings (TwinCAT 2.8: see PROFIBUS tab of the master, TwinCAT 2.9: see Fault Settings dialog) can be used to specify when the master switches from "Clear" state (outputs are set to 0 or safe state (Fail_Safe = 1 in the GSD file)) to "Operate" state (outputs correspond to the outputs transferred by the task). The Operate Delay specifies the minimum length of time for which the master should remain in the "Clear" state following the first transfer of data. As has been described above, the Clear mode specifies whether the master changes into or remains in the "Clear" state if a slave in general or an MC slave in particular fails.

Shut-down behavior

The reaction to the stopping of the TwinCAT system is exactly the same as has been described above in the "Failure of the Host" chapter; the DP connections to all slaves are removed, and the master logs itself off from the bus.