IEC PAS 62633:2009 defines the communication profile family SNpFAMILY (SafetyNET p) for real-time Ethernet (RTE) networks based on ISO/IEC 8802-3 (IEEE 802.3). This publicly available specification was developed to meet the demand for deterministic, safety-capable industrial Ethernet communication in factory automation and process control.
Context: SafetyNET p is a real-time Ethernet protocol designed for safety-related applications up to SIL 3 according to IEC 61508. It combines standard Ethernet hardware with a software-based safety layer, so functional safety does not depend on safety-rated network components.
1. Communication Profiles Overview
The standard defines two communication profiles (CP) in the SNpFAMILY family:

| Feature | CP SNpFAMILY/1 | CP SNpFAMILY/2 |
|---|---|---|
| Physical layer | 100BASE-TX (100 Mbit/s) | 100BASE-TX, 1000BASE-T |
| Topology | Line, star, ring | Star, ring |
| RTE cycle time | Minimum 125 µs | Minimum 31.25 µs |
| Jitter | < 3 µs | < 1 µs |
| Safety protocol | SafetyNET p (SIL 3) | SafetyNET p (SIL 3) |
| Number of nodes | Up to 256 | Up to 512 |
| Clock synchronization | IEEE 1588 (PTP) slave | IEEE 1588 boundary clock |
2. Protocol Architecture
2.1 Physical and Data Link Layers
Both profiles use standard Ethernet physical layers and add a software-defined data link layer that achieves deterministic behaviour through time-division multiple access (TDMA) or master-slave scheduling. The data link layer handles:
- Real-time frame scheduling with guaranteed delivery times
- Priority management for safety-critical and non-safety data
- Redundancy management for ring topologies
- Error detection and fault confinement
2.2 Application Layer
The application layer provides:
- Safety communication: Black channel principle per IEC 61784-3, with safety integrity maintained regardless of the underlying network
- Process data objects (PDO): Cyclic exchange of time-critical I/O data
- Service data objects (SDO): Acyclic configuration and parameterization services
- Network management: Device discovery, diagnostics, and configuration
Safety Principle: SafetyNET p uses a "black channel" approach: the safety layer does not rely on the underlying network for any of its integrity guarantees, so standard Ethernet components (switches, cables, NICs) can sit in safety-critical paths without themselves being safety-rated. This substantially reduces system cost while keeping SIL 3 integrity, because the safety layer detects on its own every transmission error that matters to the safety function.
3. Performance Indicators and Conformance Testing
The standard specifies performance indicators for each profile, including:

| Indicator | Description | Measurement Method |
|---|---|---|
| Throughput RTE (TRTE) | Data throughput for real-time Ethernet traffic | Network analyser with timestamping |
| Non-RTE bandwidth | Available bandwidth for standard IP traffic | Difference from total bandwidth |
| Delivery time | Maximum latency from sender to receiver | End-to-end latency measurement |
| Jitter | Variation in delivery time between successive cycles | Statistical analysis of timestamps |
| Clock synchronization accuracy | Deviation between device clocks | IEEE 1588 offset measurement |
Design Consideration: The non-RTE bandwidth is the difference between the overall link bandwidth and the RTE throughput. Engineers must provision network capacity so that standard TCP/IP traffic cannot starve real-time communication, and so that the RTE schedule itself leaves enough bandwidth for configuration, diagnostics and other non-RTE traffic. In CP SNpFAMILY/1, at least 30% of bandwidth should be reserved for non-RTE traffic in mixed-traffic applications.
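The budget arithmetic behind that design consideration, as an added example that is not part of the PAS or any SafetyNET p product: it prices each cyclic frame at its real on-wire cost (preamble, header, padding to the 64-byte minimum, FCS and inter-frame gap), sums the cycle, derives Throughput RTE and the non-RTE remainder, and checks the 30% reserve. The frame sizes, node counts and the 125 µs / 100 Mbit/s cycle are constructed inputs; the function and variable names are this example's own.

```python
"""Added example (not from IEC PAS 62633): an RTE bandwidth budget for one
cyclic schedule, checking the page's guideline that at least 30 % of the
link stays free for non-RTE (TCP/IP) traffic.

Assumptions: every cyclic frame is a standard Ethernet frame, the link is
full duplex so only one direction is budgeted, and the frame sizes and node
counts below are constructed, not taken from the specification.
"""
from dataclasses import dataclass

PREAMBLE_SFD = 8      # bytes of preamble + start-frame delimiter
MAC_HEADER = 14       # destination, source, EtherType
VLAN_TAG = 4          # optional IEEE 802.1Q tag
FCS = 4               # frame check sequence
IFG = 12              # inter-frame gap, expressed in byte times
MIN_FRAME = 64        # minimum untagged frame, header through FCS
MAX_FRAME = 1518      # maximum untagged frame, header through FCS


def wire_bytes(payload_len: int, vlan_tagged: bool = False) -> int:
    """Byte times one frame occupies on the wire, including padding and gap."""
    tag = VLAN_TAG if vlan_tagged else 0
    frame = MAC_HEADER + tag + payload_len + FCS
    frame = max(frame, MIN_FRAME + tag)          # short payloads are padded
    if frame > MAX_FRAME + tag:
        raise ValueError(f"payload of {payload_len} bytes does not fit one frame")
    return PREAMBLE_SFD + frame + IFG


def wire_time_us(payload_len: int, bitrate_bps: int, vlan_tagged: bool = False) -> float:
    """Transmission time of one frame in microseconds."""
    return wire_bytes(payload_len, vlan_tagged) * 8 / bitrate_bps * 1e6


@dataclass
class CyclicFrame:
    name: str
    payload_len: int   # bytes of RTE payload
    per_cycle: int     # frames of this kind sent in every cycle


def rte_budget(frames, cycle_us, bitrate_bps, vlan_tagged=False, non_rte_reserve=0.30):
    """Throughput RTE, remaining non-RTE bandwidth and a pass/fail verdict."""
    busy_us = sum(wire_time_us(f.payload_len, bitrate_bps, vlan_tagged) * f.per_cycle
                  for f in frames)
    utilisation = busy_us / cycle_us
    rte_bps = utilisation * bitrate_bps
    return {
        "busy_us": busy_us,
        "rte_throughput_bps": rte_bps,
        "non_rte_bps": bitrate_bps - rte_bps,    # the page's "difference from total bandwidth"
        "non_rte_fraction": 1.0 - utilisation,
        "fits_cycle": busy_us <= cycle_us,
        "ok": busy_us <= cycle_us and (1.0 - utilisation) >= non_rte_reserve,
    }


def max_frames_per_cycle(payload_len, cycle_us, bitrate_bps, non_rte_reserve=0.30):
    """How many frames of one size fit in a cycle while keeping the reserve."""
    usable_us = cycle_us * (1.0 - non_rte_reserve)
    return int(usable_us // wire_time_us(payload_len, bitrate_bps))


def example_budget(nodes: int, cycle_us: float = 125.0, bitrate_bps: int = 100_000_000):
    """Constructed schedule: one controller frame plus one frame per I/O node."""
    schedule = [
        CyclicFrame("controller outputs", payload_len=100, per_cycle=1),
        CyclicFrame("node inputs", payload_len=20, per_cycle=nodes),
    ]
    return rte_budget(schedule, cycle_us, bitrate_bps)


if __name__ == "__main__":
    for n in (8, 16):
        b = example_budget(n)
        print(f"{n} nodes: busy {b['busy_us']:.2f} us, "
              f"non-RTE share {b['non_rte_fraction']:.0%}, ok={b['ok']}")
    print("20-byte frames per 125 us cycle at 100 Mbit/s with 30 % reserve:",
          max_frames_per_cycle(20, 125.0, 100_000_000))
```

The point the numbers make: a 20-byte input is padded to a 64-byte frame and still costs 84 byte times (6.72 µs at 100 Mbit/s), so a 125 µs cycle with the 30% reserve holds only thirteen such frames per direction; doubling the node count from 8 to 16 keeps the schedule inside the cycle but leaves about 5% for non-RTE traffic, which the check rejects. Run the same function with 1 Gbit/s and 31.25 µs to see the Profile 2 budget.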
Engineering Design Insights
- Topology affects determinism: ring topologies add redundancy, but each hop adds a bounded forwarding delay that must be included in the delivery-time budget; star topologies minimize jitter but make the central switch a single point of failure
- Clock synchronization is critical: synchronized motion control (e.g., multi-axis drives) needs switches that take part in IEEE 1588 as boundary or transparent clocks, and the number of hops between master and slave clocks must be bounded because every hop adds to the synchronization error
- Safety and standard traffic coexistence: safety-critical data must be prioritized at the switch level; VLAN tagging (IEEE 802.1Q) with priority queuing keeps safety messages within their timing budget. Priority protects timing only; the integrity of the safety data remains the job of the safety layer's own checks, not of the switch
- Cable plant planning: copper (100BASE-TX) is cost-effective but limited to 100 m per segment; fibre optic links are required beyond that distance and recommended in high-EMI environments to preserve signal integrity
- Conformance testing is essential: interoperability between SafetyNET p devices from different vendors requires rigorous conformance testing against the profile specifications; the dependency matrices in the standard define which features must be tested together
FAQs
Q: What is the difference between SNpFAMILY/1 and SNpFAMILY/2?
A: Profile 1 targets applications with moderate real-time requirements (125 µs minimum cycle time) on 100 Mbit/s Ethernet with line, star, or ring topologies. Profile 2 addresses high-performance applications with cycle times down to 31.25 µs, requiring Gigabit Ethernet and star or ring topologies with IEEE 1588 boundary clock support.
Q: How does SafetyNET p achieve SIL 3?
A: SafetyNET p places a functional safety protocol on top of standard Ethernet. The Ethernet transport is the "black channel": it is not trusted to deliver data correctly, so the safety layer itself detects corruption, loss, repetition, wrong order and delay through its own CRC checks, sequence numbering and time expectations, and cross-checks redundant safety data where the application provides it. Any failed check drives the receiver into its safe state. The SIL 3 claim therefore rests on these checks, not on the switches and cables.
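What the receiving side of such a black-channel safety layer looks like in code, as an added example illustrating the Safety Principle in section 2.2 and this answer (it is not the SafetyNET p implementation, and this page does not give the real PDU format): a sender wraps safety data in a PDU with a sequence number, a send time stamp and a CRC, and a receiver accepts a PDU only when the CRC, the connection identifier, the sequence number and the time expectation all pass, latching the safe state on the first failure and on a silent sender. The layout, field widths, the use of CRC-32, the connection-identifier check and the watchdog values are this example's assumptions; the clocks are assumed synchronized, which is what the page's IEEE 1588 requirement provides.

```python
"""Added example (not from IEC PAS 62633 or the SafetyNET p stack): the
receiving side of a black-channel safety layer, using the measures this
page names (CRC, sequence number, time expectation) plus a connection
identifier check.

Assumptions: the PDU layout, field widths and CRC-32 below are illustrative
placeholders, not the SafetyNET p wire format; sender and receiver clocks are
synchronized, so the send time stamp can be compared with receiver time.
"""
import struct
import zlib

# Assumed layout: conn_id (2) | seq (2) | send_time_ms (4) | data (n) | CRC-32 (4)
HEADER = struct.Struct(">HHI")
CRC_LEN = 4


def build_pdu(conn_id: int, seq: int, send_time_ms: int, data: bytes) -> bytes:
    """Sender side. The CRC covers the header too, so connection id and
    sequence number are protected together with the data."""
    body = HEADER.pack(conn_id, seq & 0xFFFF, send_time_ms & 0xFFFFFFFF) + data
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def flip_bit(pdu: bytes, bit: int) -> bytes:
    """Models corruption somewhere in the black channel (cable, switch, NIC)."""
    out = bytearray(pdu)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


class SafetyReceiver:
    """Accepts a PDU only if every check passes. Any failure latches the safe
    state; a reset is an application decision and is deliberately not offered."""

    def __init__(self, conn_id: int, watchdog_ms: int):
        self.conn_id = conn_id
        self.watchdog_ms = watchdog_ms
        self.expected_seq = 0
        self.last_good_ms = None
        self.safe_state = False
        self.reason = None

    def _fail(self, reason: str):
        self.safe_state = True
        self.reason = reason
        return ("SAFE_STATE", reason)

    def receive(self, pdu: bytes, now_ms: int):
        """Returns ("OK", data) or ("SAFE_STATE", reason)."""
        if self.safe_state:
            return ("SAFE_STATE", self.reason)
        if len(pdu) < HEADER.size + CRC_LEN:
            return self._fail("truncated")
        body, crc = pdu[:-CRC_LEN], struct.unpack(">I", pdu[-CRC_LEN:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return self._fail("crc")             # corruption
        conn_id, seq, send_ms = HEADER.unpack_from(body)
        if conn_id != self.conn_id:
            return self._fail("connection")      # insertion / masquerade
        if seq != self.expected_seq:
            return self._fail("sequence")        # loss, repetition, wrong order
        if now_ms - send_ms > self.watchdog_ms:
            return self._fail("late")            # unacceptable delay
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_good_ms = now_ms
        return ("OK", body[HEADER.size:])

    def check_watchdog(self, now_ms: int) -> bool:
        """Run every safety cycle: a silent sender is a failure as well."""
        if self.safe_state:
            return False
        if self.last_good_ms is not None and now_ms - self.last_good_ms > self.watchdog_ms:
            self._fail("watchdog")
            return False
        return True


if __name__ == "__main__":
    rx = SafetyReceiver(conn_id=0x1234, watchdog_ms=20)
    good = build_pdu(0x1234, 0, 1000, b"\x01")        # constructed traffic
    print(rx.receive(good, 1005))                     # ('OK', b'\x01')
    damaged = flip_bit(build_pdu(0x1234, 1, 1010, b"\x02"), 64)
    print(rx.receive(damaged, 1015))                  # ('SAFE_STATE', 'crc')
```

Nothing in the receiver asks the switch whether the frame was fine; the cable could be replaced by a lossy radio link and the checks would still be the same, which is exactly what lets non-safety-rated Ethernet hardware sit in the path. Priority queuing and VLANs only make the "late" branch less likely; they never substitute for it.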
Q: Can SafetyNET p coexist with standard Ethernet devices on the same network?
A: Yes. The protocol is designed for mixed-traffic environments: standard TCP/IP devices share the same physical network, and priority queuing ensures that real-time safety traffic is not delayed by non-time-critical transfers. The non-RTE share of the bandwidth must still be planned, because the RTE schedule consumes a fixed fraction of every cycle.