Hot Standby State Assignments and Transitions

Hot Standby State Assignments

The purpose of assigning start-up states to Hot Standby PACs is to avoid the situation where two PACs simultaneously assume the role of primary and simultaneously attempt to drive the state of remote outputs. Assignment of the primary and secondary roles for PACs is determined by the following factors:

The health of the Hot Standby link between the PACs.
The health of the Ethernet link between the PACs over the Ethernet RIO main ring.
The existence of one or more Ethernet connections between each PAC and configured devices via the Ethernet RIO main ring.
The online state of PAC A and PAC B.
The A/B/Clear rotary switch selection on the rear of the CPU.
The PAC state (RUN or STOP).

The following matrix describes Hot Standby state assignments for paired PACs during several start-up and run-time scenarios:

Network preconditions				Initial state		Final state
EIO link1	RIO device connections2		Hot Standby link	PAC_A	PAC_B	PAC_A	PAC_B
EIO link1	PAC_A	PAC_B	Hot Standby link	PAC_A	PAC_B	PAC_A	PAC_B
OK	OK	OK	OK	Starting	Starting	Run Primary3	Run Standby
OK	OK	Not OK	OK	Starting	Run Primary	Run Primary4	Wait
OK	Not OK	OK	OK	Starting	Starting	Wait	Run Primary4
OK	OK	OK	OK	Run Primary	Starting	Run Primary	Run Standby
OK	OK	OK	OK	Starting	Run Primary	Run Standby	Run Primary
OK	OK	OK	Not OK	Run Primary	Starting	Run Primary	Wait
OK	OK	OK	Not OK	Starting	Starting	Run Primary	Wait
OK	OK	OK	Not OK	Starting	Run Primary	Wait	Run Primary
OK	Not OK	Not OK	OK	Starting	Starting	Run Primary	Run Standby
OK	Not OK	Not OK	OK	Run Primary	Starting	Run Primary	Run Standby
OK	Not OK	Not OK	OK	Starting	Run Primary	Run Standby	Run Primary
Not OK	Not OK	Not OK	OK	Starting	Starting	Run Primary	Run Standby
Not OK	Not OK	Not OK	OK	Run Primary	Starting	Run Primary	Run Standby
Not OK	Not OK	Not OK	OK	Starting	Run Primary	Run Standby	Run Primary
Not OK	OK	OK	Not OK	Starting	Starting	Run Primary	Run Primary
Not OK	OK	OK	Not OK	Run Primary	Starting	Run Primary	Run Primary
Not OK	OK	OK	Not OK	Starting	Run Primary	Run Primary	Run Primary
Not OK	Not OK	Not OK	Not OK	Starting	Starting	Run Primary3	Run Primary3
Not OK	Not OK	Not OK	Not OK	Run Primary	Starting	Run Primary3	Run Primary3
Not OK	Not OK	Not OK	Not OK	Starting	Run Primary	Run Primary3	Run Primary3
1.The supplementary link between PAC A and PAC B over the RIO or DIO ring. 2. The connection between a PAC and RIO drop over the ERIO network. OK indicates the CPU recognizes at least one drop. Not OK indicates the PAC recognizes no drops for 3 seconds. 3. Priority is given to PAC designated “A” via A/B rotary selection switch on the rear of the CPU. 4. Priority is given to PAC that recognizes at least one RIO drop.

Hot Standby PAC State Transitions During Operations

A PAC in a Hot Standby system transitions between states in the following circumstances:

Transition	This transition occurs when...
Wait to Standby	All of the following exist: PAC is in RUN state. PAC is operating online. Connected to a primary PAC via a Hot Standby link. All other preconditions for standby state exists, for example: Firmware mismatch is allowed, if a firmware mismatch exists. Logic mismatch is allowed, if a logic mismatch exists. Online modifications are allowed, if modifications have been made.
Wait to Primary	All of the following exist: PAC is operating online. PAC is allowed to enter primary state (PAC transitions from STOP to RUN, or warm start in RUN). PAC is controlling the Ethernet RIO link, or connected via the Hot Standby link to a counterpart PAC that is not in RUN state.
Standby to Primary	One of the following exists: The counterpart PAC enters wait or standby state. Communication with the counterpart PAC is interrupted on both the Ethernet RIO link and the Hot Standby link. The counterpart PAC is in primary state and receives a swap command.
Standby to Wait	The following exists: Communication is interrupted with the counterpart PAC over the Hot Standby link for more than 3 seconds. The ERIO link between the 2 PACs remains OK. Online modification mismatch is not allowed, if modifications have been made. Firmware update is not allowed, if a firmware update exists. For safety PACs only: Online modification mismatch is allowed, if modifications have been made in the safe part of the application (SAFETY_LOGIC_MISMATCH = 1) and maintenance mode has not been set on either the Primary PAC or Standby PAC (i.e. each PAC is operating in safety mode).
Primary to Wait	One of the following exists: The PAC has lost communication with all (e)X80 EIO adapter modules, and the counterpart PAC is in standby state and continues to communicate with at least one (e)X80 EIO adapter module. The PAC is designated “B” via the A/B/Clear rotary selector switch, and the counterpart PAC (also designated as “B”) is in primary state.
Primary to Standby1	One of the following exists: During operations, all of the following occur: The primary PAC is disconnected from all (e)X80 EIO adapter modules. The standby PAC remains connected to at least one (e)X80 EIO adapter module. The Hot Standby link between PAC A and PAC B remains healthy. The primary is in Halt (because at least one task is in Halt) and the counterpart PAC is in Standby state with all tasks in RUN. The primary PAC receives a swap command, and the counterpart PAC is in standby state. All other preconditions for standby state exists, for example: Firmware mismatch is allowed, if a firmware mismatch exists. Logic mismatch is allowed, if a logic mismatch exists. Online modifications are allowed, if modifications have been made.
Primary/Standby/Wait to Stop	The PAC transitions from RUN to STOP state.
1. While the PAC is switching from Primary to Standby state, the PAC will pass to an intermediate Wait state for a duration of at least one cycle.