![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0061.jpg)
4
this may break the daisy chain and prevent power from reaching the
second power supply), there is no protection if the actual supply fails.
Rather, both power inputs should be connected to two completely
separate supplies, so that in the event of one supply failure the second
will take over powering the device.
In terms of communications equipment we can also look at rout-
er redundancy. If a router joining two important network segments
fails, communication between those segments could be lost. In
some networks this could mean losing communication to a single or
multiple substations, or alternatively disconnecting a branch from the
main control centre. In some cases this may not be a critical problem,
and time could be taken to solve the issue. In other applications this
loss of communications could lead to the loss of time, income and
production. Generally one should try prevent routing mission critical
data (due to the additional delays imposed by routing), and in some
cases (notably GOOSE (Generic Object Oriented Substation Events))
certain data cannot be routed at all. Once again, this comes down to a
weigh-up between how much an additional router would cost versus
the potential losses if the routing fails. Routers provide non-critical
services such as remote access control. In these cases a lost router
may mean a technician has to travel to site rather than sorting a
problem out remotely; this could be deemed an inconvenience rather
than a critical issue.
In cases where failure of a router could mean critical communi-
cations losses, the option to use VRRP (Virtual Router Redundancy
Protocol) can be considered. This protocol works by effectively creating
a single virtual router from two or more physical routers. End devices’
routing needs will be serviced by the virtual router, without them
being aware of which router was physically handling the routing. In
the event of failure of the primary router, the secondary will take over
with minimum downtime (a few seconds for most basic networks),
and in a manner that is transparent to the end devices. Without this
protocol, failover between two routers would either need to be done
manually (by changing the configuration of the end devices) or would
require multiple gateway configurations in end devices (and end
devices, especially PLCs, IEDs and RTUs, will not allow for multiple
gateway configurations).
Switch redundancy
Actual switch redundancy is a lot harder to cater for, as a switch
provides an end device point to which it connects to the network. If a
switch fails completely, any interfaces connected to that switch will
obviously lose connection to the larger network. Whilst we can look at
options such as redundant power supplies, the only way to allow for
an actual switch failure is if the end devices support multiple Ethernet
connections. For instance, a PC that has two network interfaces and
the correct software could be physically connected to the network
via two separate switches. In the event one switch fails, the second
connection could be used to transmit data to the network. Obviously
in this case the two connections would be required to be on different
physical switches or at least on different modules in the switch.
Monitoring redundancy
Many different redundancy options are available for communications
networks and they all have in common: Redundancy is next to useless
if not monitored! If we have cable redundancy on the network, and
our redundant cables all break but no-one is actually monitoring the
situation, we are left in a position where the network is no longer
redundant, and none of the broken cables is being addressed. This
means that if another cable breaks we will experience communication
interruptions on the network. Not monitoring redundancy is simply
delaying the inevitable, we may cater for the first cable break (or first
few breaks) but beyond that the network is no longer redundant. If
the situation is being correctly monitored, the redundancy in place will
recover from the failure and communication will not be lost while the
issue is being dealt with.
Monitoring of a network can be done in a variety of ways, how-
ever, the easiest, most automated and most reliable is to install and
commission an NMS (Network Management System). An NMS uses
a protocol called SNMP (Simple Network Management Protocol) to
collect information from devices on the network. Note:
This is most
commonly used for monitoring the communications network itself (for
example, switches and routers rather than end devices), but it can be
used to collect basic information from end devices if required.
SNMP
is another open protocol that is supported by most, if not all, industrial
grade networking hardware manufacturers.
It provides a way to share information about a device (such as
uptime, alarm status, model number, temperature of CPU etc) using
a standardised format.
59
ENERGY EFFICIENCY MADE SIMPLE 2015