Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IEC TR 63123: Industrial Communication Networks — High Availability Automation Networks
Comprehensive guidance on designing five-nines availability automation networks using PRP, HSR, MRP, and other redundancy protocols for industrial communication.
1. Scope and Motivation for IEC TR 63123
IEC TR 63123 provides comprehensive guidance on designing and implementing high-availability (HA) automation networks for industrial communication systems. In modern manufacturing and process control environments, network downtime directly translates to production losses, safety risks, and significant financial impact. This technical report addresses network architectures, redundancy protocols, fault-tolerant topologies, and validation methodologies that enable automation networks to achieve availability levels of 99.999% (five nines) or higher.
The report covers both wired (Ethernet-based, PROFINET, EtherNet/IP, EtherCAT) and wireless (Industrial Wi-Fi, 5G URLLC) communication technologies. It is applicable to discrete manufacturing (automotive assembly lines, electronics production) and continuous process industries (oil and gas, chemical processing, power generation).
A five-nines availability target allows only about 5 minutes of downtime per year. Achieving this in an industrial network requires careful architectural planning, redundant hardware, and rigorous testing — it does not happen by accident.
2. High-Availability Network Topologies and Redundancy Mechanisms
The standard describes several HA topologies. The most commonly recommended is the parallel redundancy protocol (PRP) based on IEC 62439-3, where each device is connected to two independent networks (LAN A and LAN B). Frames are sent simultaneously on both networks, and the receiving node discards duplicates. This provides zero recovery time in the event of a single network failure.
| Redundancy Protocol | Recovery Time | Topology | Best Use Case |
|---|---|---|---|
| PRP (Parallel Redundancy Protocol) | 0 ms | Dual star / dual ring | Process control, substation automation |
| HSR (High-availability Seamless Redundancy) | 0 ms | Ring (Danby) / mesh | Mission-critical factory cells |
| MRP (Media Redundancy Protocol) | <200 ms | Ring | Standard factory automation |
| RSTP (Rapid Spanning Tree Protocol) | <10 s (typical 1–2 s) | Mesh / tree | Non-time-critical plant networks |
| DRP (Distributed Redundancy Protocol) | <10 ms | Ring | High-performance motion control |
For wireless networks, the report recommends redundant access point coverage with seamless roaming (IEEE 802.11r) and dual-band operation (2.4 GHz and 5 GHz) to mitigate interference. In 5G URLLC deployments, network slicing and redundant user-plane paths provide carrier-grade availability.
A common pitfall in HA network design is neglecting the single point of failure in the power supply infrastructure. Even the most redundant network topology is useless if both switches lose power simultaneously. Always implement dual redundant power feeds with battery-backed UPS, and preferably feeds from separate electrical subpanels.
3. Network Design Methodology and Engineering Insights
The report introduces a structured methodology for HA network design. The first step is a business impact analysis to determine the required availability level for each automation zone. This is followed by a network risk assessment identifying single points of failure, a topology selection based on the required recovery time and budget constraints, and finally a validation phase using fault injection testing.
Key engineering recommendations include: maintaining a minimum of 20% spare capacity on all backbone links to accommodate future growth; using link aggregation (LACP) where redundant links are needed but zero-recovery-time is not required; implementing network management with SNMPv3 and syslog for proactive fault detection; and deploying network time synchronization using IEEE 1588 PTP (Precision Time Protocol) to ensure coordinated event logging across all devices.
The report also addresses software-defined networking (SDN) as an emerging approach for industrial HA networks. SDN enables centralized network control with fast failover through pre-computed flow tables, achieving recovery times comparable to PRP in some configurations while reducing hardware cost.
One of the most cost-effective HA strategies is to adopt a dual-ring topology with MRP. It provides sub-200 ms recovery time at a fraction of the cost of PRP, and is supported by most industrial Ethernet switches. For applications that can tolerate 200 ms of data interruption, MRP is often the optimal balance of cost and availability.
4. Frequently Asked Questions
Q: What is the difference between PRP and HSR?
A: PRP uses two independent networks (separate switches, cabling), while HSR uses a single ring where each node forwards frames. PRP is more expensive but offers better fault isolation; HSR is more cost-effective for smaller rings.
A: PRP uses two independent networks (separate switches, cabling), while HSR uses a single ring where each node forwards frames. PRP is more expensive but offers better fault isolation; HSR is more cost-effective for smaller rings.
Q: Can existing non-HA networks be upgraded to high availability?
A: Yes, but the feasibility depends on the existing devices. PRP requires DAN (Dual Attached Node) capability at each device. If devices only have a single network port, redundancy must be implemented at the network level using MRP or RSTP.
A: Yes, but the feasibility depends on the existing devices. PRP requires DAN (Dual Attached Node) capability at each device. If devices only have a single network port, redundancy must be implemented at the network level using MRP or RSTP.
Q: How does high availability affect network security?
A: Redundant paths can increase the attack surface. The report recommends implementing redundant firewalls in active-standby mode with stateful failover, and using MACsec (IEEE 802.1AE) for link-layer encryption on redundant links.
A: Redundant paths can increase the attack surface. The report recommends implementing redundant firewalls in active-standby mode with stateful failover, and using MACsec (IEEE 802.1AE) for link-layer encryption on redundant links.
Q: What availability level is appropriate for a typical factory?
A: Most factory automation applications achieve satisfactory operation with 99.99% availability (about 53 minutes downtime per year). Five-nines (99.999%) is typically reserved for safety-critical and high-value continuous process applications.
A: Most factory automation applications achieve satisfactory operation with 99.99% availability (about 53 minutes downtime per year). Five-nines (99.999%) is typically reserved for safety-critical and high-value continuous process applications.
