[go: up one dir, main page]

CN118689088B - High-availability IO module redundancy control method and system for secure and reliable system - Google Patents

High-availability IO module redundancy control method and system for secure and reliable system Download PDF

Info

Publication number
CN118689088B
CN118689088B CN202411119833.XA CN202411119833A CN118689088B CN 118689088 B CN118689088 B CN 118689088B CN 202411119833 A CN202411119833 A CN 202411119833A CN 118689088 B CN118689088 B CN 118689088B
Authority
CN
China
Prior art keywords
module
channel
working mode
working
availability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411119833.XA
Other languages
Chinese (zh)
Other versions
CN118689088A (en
Inventor
张创勋
伍登登
黄星
林炜
黄继欣
翁飞帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chitic Control Engineering Co ltd
Original Assignee
Chitic Control Engineering Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chitic Control Engineering Co ltd filed Critical Chitic Control Engineering Co ltd
Priority to CN202411119833.XA priority Critical patent/CN118689088B/en
Publication of CN118689088A publication Critical patent/CN118689088A/en
Application granted granted Critical
Publication of CN118689088B publication Critical patent/CN118689088B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention discloses a high-availability IO module redundancy control method and a system of a safe and reliable system, the module is divided into two parts, namely a template side and a channel, wherein the template side is responsible for communication tasks, and the channel is responsible for channel control tasks. Two parts in a pair of redundant modules are independently redundant, if a channel fault occurs, only a fault channel is switched, other channels and communication parts are operated in an original module, if the communication part is in fault, only a template side is switched, the channel part is operated in the original module, the redundancy and the channel redundancy are independently controlled, the availability of the module can be greatly improved through the mode, after any part is in fault, the redundancy functions of other parts are not affected, compared with a multiplex redundancy technology, hardware is not required to be increased to reduce cost and fault points.

Description

High-availability IO module redundancy control method and system for safe and trusted system
Technical Field
The invention relates to the technical field of industrial control, in particular to a high-availability IO module redundancy control method and system of a safe and reliable system.
Background
The DCS control system (DistributedControlSystem ) is widely applied to industries such as electric power, metallurgy, petroleum, chemical industry and the like, has higher requirements on safety in specific application scenes, and the used IO module needs to have a redundancy function. The DCS control system is often applied to a continuous process control system, and if an abnormal stop condition occurs, serious loss will be caused to the enterprise, so that the availability of the module is also particularly important in the actual use process.
Module redundancy technology: redundancy switching can only be based on the entire module switching, and the complete function cannot be normally used as long as the module has a fault. If the module detects that a certain channel fault is subjected to redundancy switching, the current redundancy module is in a fault state when the other module fails again under the condition that the fault module is not replaced in time.
Multiplexing redundancy technique: the hardware cost is higher, an additional voting circuit is needed, and when one module fails, the current redundant module is in a failure state under the condition that the failed module is not replaced in time.
At present, the two technologies have the problem of insufficient availability, and when a plurality of faults occur, the situation that the system is uncontrollable may occur, so that more manpower is required to patrol the module when the two technologies are used, and more spare parts are also required to be prepared.
In view of the foregoing, there is a need for a method and system for redundant control of high-availability IO modules in a secure and trusted system to solve the shortcomings of the prior art.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a high-availability IO module redundancy control method and system of a safe and reliable system, and aims to solve the problems.
In order to achieve the above purpose, the present invention provides the following technical solutions: a high-availability IO module redundancy control method and system of a safe and trusted system comprise the following steps:
step S1: after power-on, the two redundant modules enter a redundant state, and the channel control switch is disconnected;
Step S2: judging whether the current template side address value is smaller than the template side address value of the redundant module;
Step S3: if the current template side address value is smaller than the template side address value of the redundancy module, closing a channel control switch of the working module to enter a working mode, executing a working module operation step, and if the current template side address value is larger than the template side address value of the redundancy module, keeping opening the channel control switch of the working module to enter a backup mode, and executing the backup module operation step.
Optionally, the executing the working module in the step S3 includes the following steps:
Step Sa1: the working module is communicated with the controller through SNet, respectively transmits/receives data when being used as an input/output module, and periodically performs self-diagnosis, and alarms the controller and requests the backup module to exit the working mode if abnormality is found;
step Sa2: channel management and switching: the module periodically polls the states of all channels, and for the channels in the working mode, the module closes the corresponding channel control switch to be connected with external equipment;
Step Sa3: and (3) fault treatment: if the channel or the template side fails, the working module informs the backup module to prepare for taking over, closes the failed channel and activates the standby channel, or completely exits the working mode to enable the backup module to switch to the working mode, otherwise, normal acquisition or output control is continued.
Optionally, the step Sa1 specifically includes:
Step S201: the communication is carried out between SNet and the controller, the collected channel data are sent to the controller when the module is used as an input module, and the data sent by the controller are received and output when the module is used as output;
step S202: judging whether the current module diagnosis is normal or not;
Step S203: sending a diagnosis data alarm to the controller, sending a module exit working mode request to the backup module, exiting the working mode, and executing the backup module operation step by the module after exiting the working mode.
Optionally, the step Sa2 specifically includes:
step S204: all channels in the polling module;
step S205: judging whether the current channel is in a working mode or not;
step S206: if the current channel is not in the working mode, the channel control switch is disconnected;
Step S207: if the current channel is in the working mode, a channel control switch is closed to connect the external controlled tested equipment.
Optionally, the step Sa3 specifically includes:
step S208: judging whether the current channel diagnosis is normal or not;
Step S209: if the channel does not have a fault, a channel work mode exit request is sent to the backup module, and the current channel exits from the work mode;
Step S210: and if the channel fails, acquiring or outputting the control data of the channel.
Optionally, in the step S3, the module executes a backup module operation step:
Step S31: the backup module interacts with the working module through redundant communication, and sends channel data when the backup module is used as an input module and receives data when the backup module is used as an output module; judging whether a command for exiting the working mode is received, switching to the working mode if the command is received, otherwise, polling all channels;
Step S32: judging the working mode of the current channel, if the current channel is not in the working mode, opening the channel control switch, and if the current channel is in the working mode, closing the switch and connecting external equipment;
step S33: judging the channel diagnosis state, if abnormal, requesting to exit the working mode and closing the channel, otherwise, carrying out normal acquisition or output operation according to the control data.
Optionally, the step S31 specifically includes:
step S301: the redundant communication is communicated with the working module, the collected channel data is sent to the working module when the module is used as an input module, and the data sent by the working module is received and output when the module is used as an output module;
Step S302: judging whether a command of exiting the working mode sent by the working module is received currently;
Step S303: and if a command for exiting the working mode is received, switching the mode to the working mode and operating the working module.
Optionally, the step S32 specifically includes:
step S304: if the command of exiting the working mode is not received, all channels in the module are polled;
Step S305: judging whether the current channel is in a working mode or not;
step S306: if the channel is not in the working mode, the channel control switch is disconnected;
Step S307: if the channel is in the working mode, the channel control switch is closed to connect the external controlled tested equipment.
Optionally, the step S33 specifically includes:
step S308: judging whether the current channel diagnosis is normal or not;
Step S309: if the channel fails, a channel working mode exit request is sent to the working module, and the current channel exits from the working mode;
Step S310: and if the channel does not have a fault, acquiring or outputting the control data of the channel.
A high-availability IO module redundancy control system of a safe and reliable system comprises a system network SNet and a communication module,
A system network SNet for communicating with the controller;
The IO module is used for transmitting the data acquired by the module to the controller through SNet when the module is used as an input module, and outputting the control data received through SNet when the module is used as an output module;
The IO module is internally provided with a plurality of input/output channels, and the input/output channels are provided with channel control switches for controlling the opening or closing of the channels.
The invention has the beneficial effects that:
In the invention, the redundancy of the independent template side and the redundancy of the channel are independently controlled, and the availability of the module can be greatly improved in the mode, and when any part fails, the redundancy functions of other parts are not affected;
compared with the multiple redundancy technology, the invention does not need to increase hardware to reduce cost and fault points;
in the invention, the module is divided into two parts of a template side and a channel side, the template side is responsible for communication tasks, the channel is responsible for channel control tasks, two parts in a pair of redundant modules are redundant independently, if a channel fault occurs, only the fault channel is switched, other channels and communication parts still work in the original module, if the communication part fails, only the template side is switched, and the channel part still works in the original module.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is a schematic flow chart of the operation of the working module.
FIG. 3 is a schematic flow chart of the backup module operation.
Fig. 4 is a redundant block diagram of the system of the present invention.
Fig. 5 is a data flow diagram of a working module and a working channel in the same module.
FIG. 6 is a flow chart of data flow between a work module and a work channel in different modules.
FIG. 7 is a flow chart of data flow between the working module and a portion of the working channel at different modules.
Detailed Description
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings can be obtained from these drawings without inventive effort for a person skilled in the art.
As shown in fig. 1-3, a method for controlling redundancy of high-availability IO modules of a safe and trusted system includes.
1. Judging a module power-on mode:
step S1: after power-on, the two redundant modules enter a redundant state, and the channel control switch is disconnected;
Step S2: judging whether the current template side address value is smaller than the template side address value of the redundant module;
Step S3: if the current template side address value is smaller than the template side address value of the redundancy module, closing a channel control switch of the working module to enter a working mode, executing a working module operation step, and if the current template side address value is larger than the template side address value of the redundancy module, keeping opening the channel control switch of the working module to enter a backup mode, and executing the backup module operation step;
2. The operation steps of the working module are as follows:
Step Sa1: the working module is communicated with the controller through SNet, respectively transmits/receives data when being used as an input/output module, and periodically performs self-diagnosis, and alarms the controller and requests the backup module to exit the working mode if abnormality is found;
step Sa2: channel management and switching: the module periodically polls the states of all channels, and for the channels in the working mode, the module closes the corresponding channel control switch to be connected with external equipment;
Step Sa3: and (3) fault treatment: if the channel or the template side fails, the working module informs the backup module to prepare for taking over, closes the failed channel and activates the standby channel, or completely exits the working mode to enable the backup module to switch to the working mode, otherwise, normal acquisition or output control is continued.
The method specifically comprises the following steps:
Step S201: the communication is carried out between SNet and the controller, the collected channel data are sent to the controller when the module is used as an input module, and the data sent by the controller are received and output when the module is used as output;
step S202: judging whether the current module diagnosis is normal or not;
step S203: sending a diagnosis data alarm to a controller, sending a module exit working mode request to a backup module, exiting the working mode, and executing a backup module operation step by the module after exiting the working mode;
step S204: all channels in the polling module;
step S205: judging whether the current channel is in a working mode or not;
step S206: if the current channel is not in the working mode, the channel control switch is disconnected;
Step S207: if the current channel is in the working mode, closing a channel control switch and connecting external controlled and tested equipment;
step S208: judging whether the current channel diagnosis is normal or not;
Step S209: if the channel does not have a fault, a channel work mode exit request is sent to the backup module, and the current channel exits from the work mode;
Step S210: and if the channel fails, acquiring or outputting the control data of the channel.
3. The backup module operation steps:
Step S31: the backup module interacts with the working module through redundant communication, and sends channel data when the backup module is used as an input module and receives data when the backup module is used as an output module; judging whether a command for exiting the working mode is received, switching to the working mode if the command is received, otherwise, polling all channels;
Step S32: judging the working mode of the current channel, if the current channel is not in the working mode, opening the channel control switch, and if the current channel is in the working mode, closing the switch and connecting external equipment;
step S33: judging the channel diagnosis state, if abnormal, requesting to exit the working mode and closing the channel, otherwise, carrying out normal acquisition or output operation according to the control data.
The method specifically comprises the following steps:
step S301: the redundant communication is communicated with the working module, the collected channel data is sent to the working module when the module is used as an input module, and the data sent by the working module is received and output when the module is used as an output module;
Step S302: judging whether a command of exiting the working mode sent by the working module is received currently;
Step S303: and if a command for exiting the working mode is received, switching the mode to the working mode and operating the working module.
Step S304: if the command of exiting the working mode is not received, all channels in the module are polled;
Step S305: judging whether the current channel is in a working mode or not;
step S306: if the channel is not in the working mode, the channel control switch is disconnected;
Step S307: if the channel is in the working mode, the channel control switch is closed to connect the external controlled tested equipment.
Step S308: judging whether the current channel diagnosis is normal or not;
Step S309: if the channel fails, a channel working mode exit request is sent to the working module, and the current channel exits from the working mode;
Step S310: and if the channel does not have a fault, acquiring or outputting the control data of the channel.
As shown in fig. 4-7, a high availability IO module redundancy control system for a secure trusted system, comprising a system network SNet and a communication module,
A system network SNet for communicating with the controller;
The communication module is used for transmitting the data acquired by the module to the controller through SNet when the module is used as an input module, and outputting the control data received through SNet when the module is used as an output module;
A plurality of communication channels are arranged in the communication module, and channel control switches are arranged on the communication channels and used for controlling the opening or closing of the channels.
Redundant communication: communication between two redundant modules is realized;
S1-16: the channel control switch is used for controlling the opening or closing of the channel, and is not limited to a switch element, so long as the opening or closing of the channel can be realized;
Channel 1-16: and a specific channel control loop.
As shown in fig. 4, in the module state of the pair without any redundant switching, the left module template side is in the working mode, all the channel control switches on the channel side are closed in the working mode, the right module template side is in the backup mode, all the channel control switches on the channel side are open, and the module is in the backup mode.
Redundant switching description:
When a fault occurs, only the fault part is switched, if the channel 1 is switched to the backup channel 1 of another module after the fault occurs, the module and other channels keep running in the current state, or the module sends the fault and only the template side is switched, and the channel keeps running in the current state.
The switching of the master and slave of the template side and the master and slave of the channel are controlled by the current module as a working mode module, and the following fault modes are used for example:
Channel failure:
If the channel is detected to be faulty, the module with the template side in the working mode performs channel switching control, and switching scenes can be divided into two types.
Scene one: the working module and the current fault channel are in the same module, the working module closes the current fault channel, and notifies the backup module to open the corresponding channel through redundant communication, if the working module channel 1 fails, the backup module channel 1 controls the switch to be closed after the control switch of the working module channel 1 is opened, and the channel switching is completed.
Scene II: the working module and the current fault channel are positioned in different modules, the working module notifies the backup module to close the fault channel through redundant communication, the corresponding channel of the working module is opened after the channel is closed, if the channel 1 in the backup module is in fault, the working module notifies the backup module to close the channel 1 through redundant communication, and after the channel control switch of the channel 1 is opened, the channel control switch of the channel 1 of the module where the working module is positioned is closed, so that channel switching is completed.
Module failure:
If the working module detects that the working module fails, the working module exits the working mode and sends a module switching command to the backup module through redundant communication, and the backup module switches to the working mode after receiving the command.
Data flow direction:
The data flow in the IO module is represented by a dotted line, the data transmission direction depends on the type of the module, the data transmission direction is from the channel side to the template side to the controller (SNet) when the module is an input module, and the data transmission direction is from the controller (SNet) to the template side to the channel side when the module is an output module.
As shown in fig. 5, the data flow of the working module and the working channel in the same module is shown;
As shown in fig. 6, the data flow of the working module and the working channel under different module conditions is shown, and the control data of the backup module channel side is obtained from the working module through redundant communication;
As shown in fig. 7, the data flow of the working module and part of the working channels under the condition of different modules is shown, the channel control data of the working channel and the working module in the same module are directly obtained from the working module, and the control data of the working channel in the backup module is obtained from the working module through redundant communication.
The working principle of the invention is as follows: the module is divided into two parts, namely a template side and a channel, wherein the template side is responsible for communication tasks, and the channel is responsible for channel control tasks. If a channel fault occurs, only a fault channel is switched, other channels and communication parts still work in the original module, if a communication part fault occurs, only a template side is switched, the channel part still works in the original module, the redundancy of the independent template side and the redundancy of the channel are independently controlled, the availability of the module can be greatly improved through the mode, after any part fails, the redundancy functions of other parts are not affected, and compared with a multiplexing redundancy technology, hardware is not required to be increased to reduce cost and fault points.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, or alternatives falling within the spirit and principles of the invention.

Claims (10)

1.一种安全可信系统的高可用IO模块冗余控制方法,其特征在于,包括以下步骤:1. A high-availability IO module redundancy control method for a safe and reliable system, characterized by comprising the following steps: 步骤S1:上电后,两个冗余模块进入冗余状态,通道控制开关断开;Step S1: After power-on, the two redundant modules enter the redundant state, and the channel control switch is disconnected; 步骤S2:判断当前模板侧地址值是否小于冗余模块的模板侧地址值;Step S2: Determine whether the current template side address value is less than the template side address value of the redundant module; 步骤S3:若当前模板侧地址值小于冗余模块的模板侧地址值,则工作模块的通道控制开关闭合进入工作模式,执行工作模块运行步骤,若当前模板侧地址值大于冗余模块的模板侧地址值,则工作模块的通道控制开关保持断开进入备份模式,执行备份模块运行步骤,Step S3: If the current template side address value is less than the template side address value of the redundant module, the channel control switch of the working module is closed to enter the working mode, and the working module operation steps are executed; if the current template side address value is greater than the template side address value of the redundant module, the channel control switch of the working module remains disconnected to enter the backup mode, and the backup module operation steps are executed. 将模块分为模板侧和通道两个部分,模板侧负责通讯方面任务,通道负责通道控制方面任务,若出现通道故障,则仅切换故障通道,其他通道和通讯部分仍在原模块工作,若出现通讯部分故障,则仅切换模板侧,通道部分仍在原模块工作,独立模板侧冗余和通道冗余,两部分冗余单独控制。The module is divided into two parts, the template side and the channel. The template side is responsible for communication tasks, and the channel is responsible for channel control tasks. If a channel failure occurs, only the faulty channel will be switched, and the other channels and communication parts will still work in the original module. If a communication part failure occurs, only the template side will be switched, and the channel part will still work in the original module. Independent template side redundancy and channel redundancy, the two parts of redundancy are controlled separately. 2.根据权利要求1所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤S3中模块执行工作模块运行步骤为:2. According to the high-availability IO module redundancy control method of the safe and reliable system of claim 1, it is characterized in that the module execution working module operation steps in step S3 are: 步骤Sa1:与控制器通讯及自我诊断,工作模块通过SNet与控制器通讯,作为输入/输出模块时分别发送/接收数据,并定期自我诊断,若发现异常则向控制器报警并向备份模块请求退出工作模式;Step Sa1: Communicate with the controller and self-diagnose. The working module communicates with the controller through SNet, sends/receives data when acting as an input/output module, and performs self-diagnosis regularly. If an abnormality is found, the controller is alerted and the backup module is requested to exit the working mode. 步骤Sa2:通道管理及切换:模块周期性地轮询所有通道的状态,对于处于工作模式的通道,模块闭合相应的通道控制开关以连接外部设备;Step Sa2: Channel management and switching: The module periodically polls the status of all channels. For channels in working mode, the module closes the corresponding channel control switch to connect external devices. 步骤Sa3:故障处理:若通道或模板侧故障,工作模块通知备份模块准备接管,关闭故障通道并激活备用通道,或完全退出工作模式使备份模块切换至工作模式,否则继续进行正常的采集或输出控制。Step Sa3: Fault handling: If a channel or template fails, the working module notifies the backup module to take over, closes the faulty channel and activates the backup channel, or completely exits the working mode to switch the backup module to the working mode, otherwise continues normal acquisition or output control. 3.根据权利要求2所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤Sa1具体为:3. According to the high-availability IO module redundancy control method of the secure and reliable system of claim 2, characterized in that the step Sa1 specifically comprises: 步骤S201:通过SNet和控制器进行通讯,当模块作为输入模块时将采集到的通道数据发送给控制器,当模块作为输出时则接收控制器下发的数据进行输出;Step S201: Communicate with the controller through SNet. When the module is used as an input module, the collected channel data is sent to the controller. When the module is used as an output module, the data sent by the controller is received and output. 步骤S202:判断当前模块诊断是否正常;Step S202: Determine whether the current module diagnosis is normal; 步骤S203:给控制器发送诊断数据报警,并向备份模块发送模块退出工作模式请求,并模块退出工作模式,退出工作模式后模块执行备份模块运行步骤。Step S203: Send a diagnostic data alarm to the controller, and send a module exit working mode request to the backup module, and the module exits the working mode. After exiting the working mode, the module executes the backup module operation steps. 4.根据权利要求3所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤Sa2具体为:4. According to the high-availability IO module redundancy control method of the secure and reliable system of claim 3, characterized in that the step Sa2 is specifically: 步骤S204:轮询模块中全部通道;Step S204: polling all channels in the module; 步骤S205:判断当前通道是否处于工作模式;Step S205: determining whether the current channel is in working mode; 步骤S206:若当前通道未处于工作模式,则断开通道控制开关;Step S206: If the current channel is not in working mode, the channel control switch is turned off; 步骤S207:若当前通道处于工作模式,则闭合通道控制开关,连接外部被控、被测设备。Step S207: If the current channel is in working mode, the channel control switch is closed to connect the external controlled and tested device. 5.根据权利要求4所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤Sa3具体为:5. According to the high-availability IO module redundancy control method of the secure and reliable system of claim 4, characterized in that the step Sa3 is specifically: 步骤S208:判断当前通道诊断是否正常;Step S208: determining whether the current channel diagnosis is normal; 步骤S209:若通道未出现故障,则向备份模块发送通道退工作模式请求,并当前通道退出工作模式;Step S209: If the channel does not fail, a channel exit working mode request is sent to the backup module, and the current channel exits working mode; 步骤S210:若通道出现故障,则根据通道控制数据对通道进行采集或输出控制。Step S210: If a channel fails, the channel is collected or output controlled according to the channel control data. 6.根据权利要求1所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤S3中模块执行备份模块运行步骤:6. The high-availability IO module redundancy control method of a secure and reliable system according to claim 1, characterized in that the module in step S3 executes the backup module operation step: 步骤S31:备份模块通过冗余通讯与工作模块交互,作为输入模块时发送通道数据,作为输出模块时接收数据;判断是否接收到退出工作模式的命令,若接收到则切换到工作模式,否则轮询所有通道;Step S31: The backup module interacts with the working module through redundant communication, sends channel data when acting as an input module, and receives data when acting as an output module; determines whether a command to exit the working mode is received, and switches to the working mode if received, otherwise polls all channels; 步骤S32:判断当前通道的工作模式,若不在工作模式则断开通道控制开关,若在工作模式则闭合开关并连接外部设备;Step S32: Determine the working mode of the current channel, if it is not in the working mode, disconnect the channel control switch, if it is in the working mode, close the switch and connect the external device; 步骤S33:判断通道诊断状态,若异常则请求退出工作模式并关闭通道,否则根据控制数据进行正常的采集或输出操作。Step S33: Determine the channel diagnosis status. If it is abnormal, request to exit the working mode and close the channel. Otherwise, perform normal collection or output operations according to the control data. 7.根据权利要求6所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤S31具体为:7. The high-availability IO module redundancy control method of the secure and reliable system according to claim 6, wherein the step S31 is specifically: 步骤S301:通过冗余通讯和工作模块进行通讯,当模块作为输入模块时将采集到的通道数据发送给工作模块,当模块作为输出时则接收工作模块下发的数据进行输出;Step S301: Communicate with the working module through redundant communication. When the module is used as an input module, it sends the collected channel data to the working module. When the module is used as an output module, it receives the data sent by the working module for output. 步骤S302:判断当前是否接收到工作模块发的退出工作模式命令;Step S302: Determine whether a command to exit the working mode sent by the working module is currently received; 步骤S303:若收到退出工作模式命令,则模式切换到工作模式并运行工作模块运行步骤。Step S303: If an exit working mode command is received, the mode is switched to working mode and the working module operation steps are executed. 8.根据权利要求7所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤S32具体为:8. The high-availability IO module redundancy control method of the secure and reliable system according to claim 7, wherein step S32 is specifically: 步骤S304:若未收到退出工作模式命令,则轮询模块中全部通道;Step S304: If no exit working mode command is received, all channels in the module are polled; 步骤S305:判断当前通道是否处于工作模式;Step S305: determine whether the current channel is in working mode; 步骤S306:若通道未处于工作模式,则断开通道控制开关;Step S306: If the channel is not in working mode, disconnect the channel control switch; 步骤S307:若通道处于工作模式,则闭合通道控制开关,连接外部被控、被测设备。Step S307: If the channel is in working mode, the channel control switch is closed to connect the external controlled and tested device. 9.根据权利要求8所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,所述步骤S33具体为:9. The high-availability IO module redundancy control method of the secure and reliable system according to claim 8, wherein step S33 is specifically: 步骤S308:判断当前通道诊断是否正常;Step S308: Determine whether the current channel diagnosis is normal; 步骤S309:若通道出现故障,则向工作模块发送通道退工作模式请求,并当前通道退出工作模式;Step S309: If a channel fails, a channel exit working mode request is sent to the working module, and the current channel exits the working mode; 步骤S310:若通道未出现故障,则根据通道控制数据对通道进行采集或输出控制。Step S310: If the channel has no fault, the channel is collected or output controlled according to the channel control data. 10.一种安全可信系统的高可用IO模块冗余控制系统,采用如权利要求1所述安全可信系统的高可用IO模块冗余控制方法,其特征在于,包括系统网络SNet和IO模块,10. A high-availability IO module redundancy control system for a safe and reliable system, using the high-availability IO module redundancy control method for a safe and reliable system as claimed in claim 1, characterized in that it comprises a system network SNet and IO modules, 系统网络SNet,用于和控制器通讯;System network SNet, used to communicate with the controller; IO模块,当模块作为输入模块时,通过SNet将模块采集到的数据传输给控制器,当模块作为输出模块时,通过SNet接收到的控制数据进行输出;IO module, when the module is used as an input module, it transmits the data collected by the module to the controller through SNet; when the module is used as an output module, it outputs the control data received through SNet; IO模块内设置若干输入/输出通道,输入/输出通道上均设置通道控制开关,用于控制通道的开启或关闭。Several input/output channels are set in the IO module, and channel control switches are set on the input/output channels to control the opening or closing of the channels.
CN202411119833.XA 2024-08-15 2024-08-15 High-availability IO module redundancy control method and system for secure and reliable system Active CN118689088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411119833.XA CN118689088B (en) 2024-08-15 2024-08-15 High-availability IO module redundancy control method and system for secure and reliable system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411119833.XA CN118689088B (en) 2024-08-15 2024-08-15 High-availability IO module redundancy control method and system for secure and reliable system

Publications (2)

Publication Number Publication Date
CN118689088A CN118689088A (en) 2024-09-24
CN118689088B true CN118689088B (en) 2024-11-08

Family

ID=92768019

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411119833.XA Active CN118689088B (en) 2024-08-15 2024-08-15 High-availability IO module redundancy control method and system for secure and reliable system

Country Status (1)

Country Link
CN (1) CN118689088B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105929765A (en) * 2016-07-01 2016-09-07 沈阳远大电力电子科技有限公司 Redundant control system
CN116107195A (en) * 2021-11-09 2023-05-12 罗克韦尔自动化技术公司 System and method for coordinating insertion and/or removal of redundant input/output components

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5961212B2 (en) * 2014-04-11 2016-08-02 大陽日酸株式会社 Redundant system and redundancy method
EP3170082A4 (en) * 2014-07-15 2018-05-30 Honeywell International Inc. Partial redundancy for i/o modules or channels in distributed control systems

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105929765A (en) * 2016-07-01 2016-09-07 沈阳远大电力电子科技有限公司 Redundant control system
CN116107195A (en) * 2021-11-09 2023-05-12 罗克韦尔自动化技术公司 System and method for coordinating insertion and/or removal of redundant input/output components

Also Published As

Publication number Publication date
CN118689088A (en) 2024-09-24

Similar Documents

Publication Publication Date Title
US7133747B2 (en) Robot controller
CN101119187B (en) Master-salve equipment switch control method
JPH1115502A (en) Digital controller
JP5706347B2 (en) Redundant control system
CN118689088B (en) High-availability IO module redundancy control method and system for secure and reliable system
CN201163348Y (en) Application control apparatus used for redundant system
CN112034774A (en) Hot redundancy control method
KR101345512B1 (en) Digital Protective Relay with Duplex Function
JP4095413B2 (en) Electronic interlocking device
JP2555472B2 (en) Distributed control system with signal cable connection status monitoring function
CN106849352A (en) Converter valve Control protection system comprising light modulation communication module
JP3279068B2 (en) Redundant controller
JP2000224079A (en) System for remedying fault of simplex optical transmission line node device
JPS6019540B2 (en) Configuration switching control method
JPH08191491A (en) Field bus system
JPH09244740A (en) Remote monitor and control equipment
JP2713134B2 (en) Automatic system selection method and communication system therefor
JP2000244520A (en) Abnormality diagnostic method for duplex network
JPH0540649A (en) Redundant switching system
KR200183008Y1 (en) Network automatic recovery device of local area information network system
JPH02280636A (en) Power consumption control system for electronic exchange
JPS63285053A (en) Fault processing system for network management equipment
JPH02231603A (en) Duplex switch system
CN117277578A (en) Remote-motion four-remote information transmission type automatic power dispatching method
JPS61129938A (en) Polling system remote supervisory controller

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant