Method for enacting failover of a 1:1 redundant pair of slave processors
First Claim
Patent Images
1. A method for accomplishing a failover in a process control system, the process control system having a master controller operatively connected to a communication link;
- and at least one pair of slave input/output processors IOPs), each IOP being operatively connected to the communication link wherein a first IOP of the pair is a primary slave IOP and a second IOP of the pair is a secondary slave IOP, the first and second IOP having a first and second data base, respectively, the first and second IOP each executing the same tasks utilizing a first and second clocking system, respectively, and further wherein the data bases of the first and second IOPs are synchronized, communications by the master controller being made only to the first IOP including communications which modify the first data base, the first and second IOPs being unable to communicate with each other, and further wherein the first and second IOPs are each operatively connected to an output switching device such that control of said output switch device is coordinated between said first and second IOP, and wherein each of said first and second IOP can sense a state of an output control signal from the other IOP to said output switching device, the method for accomplishing a failover, comprising the steps of;
the primary slave IOPa) upon detecting an error, verifying the availability of a secondary slave IOP;
b) setting the output control signal to indicate backup is being requested;
c) taking itself out of being the primary slave IOP;
the secondary slave IOPd) sensing that the output control signal from the other IOP of the pair of IOPs has been set indicating that the primary slave IOP has detected a failure;
e) assuming the role of the primary slave IOP;
the master controllerf) detecting an error with the primary slave IOP;
g) interrogating the primary and secondary slave IOPs for a status input;
h) arbitrating between the first and second IOP to determine the IOP that is to take on the primary role; and
i) awarding the more operational IOP the role of the primary slave IOP, thereby completing the failover operation.
0 Assignments
0 Petitions
Accused Products
Abstract
A primary slave IOP, upon detecting an error, verifies the availability of a secondary slave IOP, and then sets an output control signal to indicate backup is requested. The primary slave IOP then takes itself out of being the primary. A secondary slave IOP, sensing that the output control signal from the other IOP has been set, assumes the roll of the primary slave IOP. A master controller, detecting an error with the primary slave IOP, interrogates the primary and secondary slave IOPs for a status input, and then arbitrates between the first and second IOP to determine the IOP that is to take on the primary role. Finally the master controller awards the more operational IOP the role of the primary slave IOP, thereby completing the failover operation.
125 Citations
9 Claims
-
1. A method for accomplishing a failover in a process control system, the process control system having a master controller operatively connected to a communication link;
- and at least one pair of slave input/output processors IOPs), each IOP being operatively connected to the communication link wherein a first IOP of the pair is a primary slave IOP and a second IOP of the pair is a secondary slave IOP, the first and second IOP having a first and second data base, respectively, the first and second IOP each executing the same tasks utilizing a first and second clocking system, respectively, and further wherein the data bases of the first and second IOPs are synchronized, communications by the master controller being made only to the first IOP including communications which modify the first data base, the first and second IOPs being unable to communicate with each other, and further wherein the first and second IOPs are each operatively connected to an output switching device such that control of said output switch device is coordinated between said first and second IOP, and wherein each of said first and second IOP can sense a state of an output control signal from the other IOP to said output switching device, the method for accomplishing a failover, comprising the steps of;
the primary slave IOP a) upon detecting an error, verifying the availability of a secondary slave IOP; b) setting the output control signal to indicate backup is being requested; c) taking itself out of being the primary slave IOP; the secondary slave IOP d) sensing that the output control signal from the other IOP of the pair of IOPs has been set indicating that the primary slave IOP has detected a failure; e) assuming the role of the primary slave IOP; the master controller f) detecting an error with the primary slave IOP; g) interrogating the primary and secondary slave IOPs for a status input; h) arbitrating between the first and second IOP to determine the IOP that is to take on the primary role; and i) awarding the more operational IOP the role of the primary slave IOP, thereby completing the failover operation. - View Dependent Claims (2, 3)
- and at least one pair of slave input/output processors IOPs), each IOP being operatively connected to the communication link wherein a first IOP of the pair is a primary slave IOP and a second IOP of the pair is a secondary slave IOP, the first and second IOP having a first and second data base, respectively, the first and second IOP each executing the same tasks utilizing a first and second clocking system, respectively, and further wherein the data bases of the first and second IOPs are synchronized, communications by the master controller being made only to the first IOP including communications which modify the first data base, the first and second IOPs being unable to communicate with each other, and further wherein the first and second IOPs are each operatively connected to an output switching device such that control of said output switch device is coordinated between said first and second IOP, and wherein each of said first and second IOP can sense a state of an output control signal from the other IOP to said output switching device, the method for accomplishing a failover, comprising the steps of;
-
4. A method for accomplishing a failover, according to step 2, wherein the step of clearing comprises:
clearing a flag internal to the IOP which is utilized internally to the IOP to indicate that it is in a primary role, the flag including the value of the logical address assigned by the master controller to the IOP. - View Dependent Claims (5, 6, 7, 8, 9)
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHoneywell Incorporated (Honeywell International Inc.)
-
Original AssigneeHoneywell Incorporated (Honeywell International Inc.)
-
InventorsMcLaughlin, Paul F., Bristow, Robert W., Kummer, Karl T.
-
Primary Examiner(s)Smith, Jerry
-
Assistant Examiner(s)BROWN, THOMAS
-
Application NumberUS07/588,385Time in Patent Office678 DaysField of Search364/184, 364/185, 364/186, 364/187, 364/130-137, 371/9.1US Class Current700/79CPC Class CodesG06F 11/1679 at clock signal levelG06F 11/2007 using redundant communicati...G06F 11/2017 where memory access, memory...G06F 11/2097 maintaining the standby con...
