Safety over EtherCAT

What is Safety Over EtherCAT?

Functional safety is an integral part of modern network architectures and communication systems. EtherCAT can carry safety-related data in parallel with standard process data on the same network by means of the Safety over EtherCAT protocol (FSoE, FailSafe over EtherCAT). Safety over EtherCAT treats the communication system, including our EtherCAT master, as a Black Channel: the protocol assumes nothing about the transport and verifies the safety data itself. Safety over EtherCAT is a certified technology developed according to IEC 61508 and standardized internationally in IEC 61784-3. The safety data is embedded in the standard process data as a container, together with the additional data (CRCs, connection IDs, etc.) needed to check its integrity. The safety connection between the FSoE (safety) master and an FSoE slave is fully monitored in every safety cycle: the checksum of each safety frame, the connection ID, and a watchdog time for each FSoE frame transmission are all checked. Note that these checks are designed to detect transmission faults (corruption, loss, delay, repetition, misrouting), not deliberate tampering: a CRC is not a cryptographic authentication code, so the EtherCAT network itself still needs to be protected from unauthorized access by the usual network security measures.
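As an added illustration (not code from this page, from Beckhoff, or from the EtherCAT Technology Group), the following Python models the per-cycle checks described above on the receiving side of one safety connection: CRC, connection ID, a sequence counter, and a watchdog. The frame layout, field widths, CRC polynomial (CRC-16/CCITT-FALSE), the connection ID 0x0007 and the 10 ms watchdog are assumptions chosen for clarity and are not the real FSoE specification; all traffic is constructed inline. The last scenario shows the limit of these checks: a frame built with the right connection ID, the expected counter and a recomputed CRC is accepted, which is why the Black Channel still needs conventional network protection.

```python
import struct
from dataclasses import dataclass


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF). Illustrative choice only;
    the polynomial FSoE actually specifies is not reproduced here."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


@dataclass
class SafetyContainer:
    """Simplified model of the safety container carried inside the process data."""
    conn_id: int    # connection ID: which master/slave pairing this frame belongs to
    seq: int        # sequence counter: lets the receiver spot lost or repeated frames
    payload: bytes  # the safe process data itself

    def pack(self) -> bytes:
        body = struct.pack("<HH", self.conn_id, self.seq) + self.payload
        return body + struct.pack("<H", crc16(body))


def unpack(frame: bytes):
    """Return the container if the CRC verifies, otherwise None."""
    if len(frame) < 6:
        return None
    body, (crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16(body) != crc:
        return None
    conn_id, seq = struct.unpack("<HH", body[:4])
    return SafetyContainer(conn_id, seq, body[4:])


class FsoeReceiver:
    """Receiving side of one safety connection. Any failed check latches the
    safe state; leaving it again (reset) is not modelled here."""
    OK, SAFE_STATE = "OK", "SAFE_STATE"

    def __init__(self, conn_id: int, watchdog_ms: int):
        self.conn_id = conn_id
        self.watchdog_ms = watchdog_ms
        self.expected_seq = 0
        self.last_valid_ms = None
        self.reason = None  # first failure reason, kept for diagnostics

    def _fail(self, reason: str) -> str:
        self.reason = self.reason or reason
        return self.SAFE_STATE

    def tick(self, now_ms: int) -> str:
        """Watchdog check, run every cycle even when no frame arrived."""
        if self.reason:
            return self.SAFE_STATE
        if self.last_valid_ms is not None and now_ms - self.last_valid_ms > self.watchdog_ms:
            return self._fail("watchdog expired")
        return self.OK

    def on_frame(self, frame: bytes, now_ms: int) -> str:
        """Validate one received container at time now_ms."""
        if self.tick(now_ms) != self.OK:
            return self.SAFE_STATE
        c = unpack(frame)
        if c is None:
            return self._fail("CRC mismatch or truncated frame")
        if c.conn_id != self.conn_id:
            return self._fail(f"connection ID {c.conn_id}, expected {self.conn_id}")
        if c.seq != self.expected_seq:
            return self._fail(f"sequence {c.seq}, expected {self.expected_seq}")
        self.last_valid_ms = now_ms
        self.expected_seq = (c.seq + 1) & 0xFFFF
        return self.OK


def scenarios() -> dict:
    """Constructed traffic exercising each check. Returns {name: (result, reason)}."""
    CONN, WD = 0x0007, 10  # assumed connection ID and 10 ms watchdog
    frames = [SafetyContainer(CONN, n, bytes([0x01, 0x00])).pack() for n in range(3)]
    out = {}

    rx = FsoeReceiver(CONN, WD)  # three frames, 4 ms apart, all within the watchdog
    out["healthy"] = ([rx.on_frame(f, t) for f, t in zip(frames, (0, 4, 8))], rx.reason)

    rx = FsoeReceiver(CONN, WD)  # one payload bit flipped in transit
    corrupted = bytearray(frames[0])
    corrupted[4] ^= 0x01
    out["bit_flip"] = (rx.on_frame(bytes(corrupted), 0), rx.reason)

    rx = FsoeReceiver(CONN, WD)  # frame belonging to a different connection
    out["wrong_conn_id"] = (rx.on_frame(SafetyContainer(0x0008, 0, b"\x01\x00").pack(), 0), rx.reason)

    rx = FsoeReceiver(CONN, WD)  # second frame arrives 25 ms after the first
    rx.on_frame(frames[0], 0)
    out["late_frame"] = (rx.on_frame(frames[1], 25), rx.reason)

    # Limit of the checks: an injected frame with the right connection ID, the
    # expected counter and a recomputed CRC is indistinguishable from a real one.
    rx = FsoeReceiver(CONN, WD)
    out["forged_but_valid"] = (rx.on_frame(SafetyContainer(CONN, 0, b"\x00\x00").pack(), 0), rx.reason)
    return out
```

Run `scenarios()` to see each check trip on its own fault class; every failure latches the safe state rather than retrying, which is the behaviour a safety receiver needs.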

Why would I want to use Safety Over EtherCAT?

There are many ways to make your machine safe. Choosing the internationally recognized standard IEC 61508 will meet the most demanding requirements of customers and regulators. Safety controllers and modules certified to the standard have already been through the certification process, so you do not have to take a safety design of your own through it. Even if you have no specific requirements to meet, you can be confident that you are using a rigorously tested system. It can also help from a sales perspective.

How do I use Safety Over EtherCAT?

We support the Beckhoff EL6910 TwinSAFE Safety Controller. Please contact us if you have another Safety Master that you want to use. Beckhoff have extensive documentation on their products at https://www.beckhoff.com/en-us/products/automation/twinsafe/.
    Create a Safety Program
While you do not need TwinCAT on your production machine, the EL6910's programming interface is currently tied to Beckhoff's TwinCAT IDE. You will use it to select the Safety Function Blocks and wire them together according to your intended behaviour. We can answer questions and offer suggestions, but ultimately the Safety Program will need to be designed to meet your application's needs.
    Create Safety.xml
Once you have created your Safety Program, we take the exported ENI file and create Safety.xml from it. This file contains all the details of the FSoE Black Channel and the interactions you want with the safety system. We have three dedicated controls (Run, ErrAck and Reset) that we expect to be present, but you can define others to suit your application. We also support user-created Safety Results, which are outputs of the overall Safety Program. We will create this file for you when you have completed your Safety Program.
    Using Safety over EtherCAT
Run determines when you want your safety system active and is expected to be ON the whole time you want the program active. ErrAck stands for Error Acknowledgement; it signals to the safety blocks that the user or program is aware of a fault. Reset is used to reactivate the safety blocks. ErrAck and Reset are pulsed controls: toggle them ON, then OFF, when you want to use their function.
You can add or remove nodes at the end of the network that are not relevant to your safety program without modifying the Safety Program or Safety.xml, so adding extra axes or non-safety I/O later in the design should not affect the safety configuration.