PAC State Versus Hot Standby System State

The state of the Hot Standby system depends on the operating state of the PAC. These Hot Standby states are supported:

This list describes the Hot Standby states:

• Primary: The PAC controls all system processes and devices:

  • It executes program logic in a non-safety PAC, and both process and safety program logic in a safety PAC.

  • It receives input from, and controls output to, distributed equipment and RIO drops.

  • If connected to a PAC in standby state, the primary PAC checks the status of, and exchanges data with, the standby PAC.

  In a Hot Standby network, both PACs can be primary if both the Hot Standby and Ethernet RIO links are not functioning. When either of these two links is restored, the PAC does one of the following:

  • Remains in the primary state.

  • Transitions to the standby state.

  • Transitions to the wait state.

• Standby: The standby PAC maintains a state of readiness. It can take control of system processes and devices if the primary PAC cannot continue to perform these functions:

  • It reads the data and the I/O states from the primary PAC.

  • It does not scan distributed equipment, but receives this information from the primary PAC.

  • It executes program logic. You can configure the standby PAC to execute:

    - The first section of program logic (the default setting); or

    - Specified sections of program logic, including all MAST and FAST task sections.

    NOTE: You can specify if a section is to be executed in the Condition tab the Properties dialog for each section.

  • On each scan, it checks the status of the primary PAC.

  NOTE: When a PAC is in Standby mode, both the module health status (MOD_HEALTH) and the channels health status (CH_HEALTH) of safety I/O modules are set to FALSE in the Standby PAC DDDT. In this case, you can diagnose the health of safety I/O modules by monitoring their status in the Primary PAC DDDT.

• Wait: The PAC is in RUN mode, but cannot act as either primary or standby. The PAC transitions from the wait state to either the primary or standby state, when all preconditions for that state exist, including:

  • The state of the Hot Standby link.

  • The state of the Ethernet RIO link.

  • The presence of at least one connection with an Ethernet RIO drop.

  • The position of the A/B rotary selection switch on the rear of the CPU.

  • The state of the configuration. For example:

    - If a firmware mismatch exists, the FW_MISMATCH_ALLOWED flag is set.

    - If a logic mismatch exists, the LOGIC_MISMATCH_ALLOWED flag is set.

  In the wait state, the PAC continues to communicate with other modules on the local rack, and can execute program logic, if configured to do so. You can configure a PAC in wait state to execute:

  • Specific sections of program logic in a non-safety PAC (or process program logic in a safety PAC), specified in the Condition tab of the Properties dialog for each section.

  • The first section of program logic in a non-safety PAC (or the first section of process program logic in a safety PAC).

  • No program logic for a non-safety PAC (or no process program logic for a safety PAC).

• INIT: Both the PAC and the Hot Standby system are initializing.

• STOP: The PAC is in STOP mode. On the STOP to RUN transition, the PAC may move to the wait, standby, or primary state. This transition depends on the state of the Ethernet RIO and Hot Standby links, and on the position of the A/B rotary selection switch on the rear of the CPU.

PAC Functions by Hot Standby System State

A PAC performs these functions, depending on its Hot Standby state: