Beyond improving quality, uptime, and productivity, functional safety is often a requirement in applications leveraging mobile robotics. While local proximity sensors, E-Stops, safety zones, and safety curtains are often used in AMR applications, a SIL 2 or SIL 3 safety rating for the AMR system as a whole requires the use of a SIL 3-rated safety protocol like CIP Safety or PROFIsafe.
Both CIP Safety and PROFIsafe follow the “black channel principle,” which is described in IEC 61508. The black channel principle specifies that two safety devices must have enough intelligence, and enough diagnostics in their communications, that the communication network between them has zero impact on their ability to detect communication errors. In other words, safety protocols like CIP Safety and PROFIsafe have error-detection mechanisms built into the safety protocol itself. These error-detection mechanisms consist of time stamps to ensure packets are not lost, delayed, repeated, or out of order, and various identifiers and diagnostics to authenticate and validate the messages.
While the safety protocol and safety devices host the intelligence to ensure the safety of the application, there is a risk that a network device, like a wireless Ethernet radio, could have a negative impact on the timing requirements within the error-detection mechanism. In a CIP Safety system, the timing expectation is defined by the Requested Packet Interval (RPI), the Timeout Multiplier, and the Delay Multiplier. In a PROFIsafe system, the timing expectation is defined by the F-Monitoring or PROFIsafe Monitoring time. Regardless of which protocol is deployed, it is important to configure these parameters to meet both your functional safety requirements and your uptime requirements.
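The receiver-side checks described above can be sketched as follows. This is an added example, not code from CIP Safety, PROFIsafe, or any vendor: the frame layout, field sizes, CRC choice, and every name are assumptions made for illustration. `max_age_ms` and `watchdog_ms` are generic stand-ins for a timing expectation, not the RPI, multiplier, or F-Monitoring parameters themselves.

```python
import struct, zlib
from dataclasses import dataclass

# Hypothetical layout, NOT the CIP Safety or PROFIsafe wire format:
# sender id u16 | sequence u16 | sender timestamp ms u32 | payload | CRC32
HDR = struct.Struct(">HHI")

def build_frame(sender_id, seq, ts_ms, payload):
    body = HDR.pack(sender_id, seq, ts_ms) + payload
    return body + struct.pack(">I", zlib.crc32(body))

@dataclass
class SafetyReceiver:
    expected_sender: int
    max_age_ms: int      # oldest frame still accepted (tolerated network delay)
    watchdog_ms: int     # longest tolerated gap between valid frames
    last_seq: int = -1
    last_valid_rx_ms: int = 0

    def check(self, frame, now_ms):
        """Return 'ok', or the fault detected without trusting the network."""
        body = frame[:-4]
        if len(frame) < HDR.size + 4 or struct.pack(">I", zlib.crc32(body)) != frame[-4:]:
            return "corrupted"
        sender, seq, ts_ms = HDR.unpack(body[:HDR.size])
        if sender != self.expected_sender:
            return "wrong_sender"
        if seq == self.last_seq:
            return "repeated"
        if seq < self.last_seq:               # sequence wrap-around not modelled
            return "out_of_order"
        if now_ms - ts_ms > self.max_age_ms:  # assumes synchronised clocks
            return "delayed"
        gap = self.last_seq >= 0 and seq != self.last_seq + 1
        self.last_seq, self.last_valid_rx_ms = seq, now_ms
        return "lost" if gap else "ok"        # 'lost': valid frame, earlier one missing

    def watchdog_expired(self, now_ms):
        return now_ms - self.last_valid_rx_ms > self.watchdog_ms

def run_demo():
    # Constructed frames, replayed as a lossy wireless link might deliver them.
    rx = SafetyReceiver(expected_sender=0x0101, max_age_ms=20, watchdog_ms=40)
    def mk(seq, ts, sender=0x0101):
        return build_frame(sender, seq, ts, b"\x01")
    f0, f1, f5 = mk(0, 0), mk(1, 10), mk(5, 70)
    bad = f5[:8] + b"\x00" + f5[9:]           # payload byte altered in transit
    events = [(f0, 5), (f1, 15), (f1, 16), (f0, 17), (mk(3, 30), 35),
              (mk(4, 40), 75), (bad, 76), (mk(5, 76, sender=0x0202), 77)]
    return [rx.check(f, t) for f, t in events], rx.watchdog_expired(77)
```

In the replay, the last valid frame arrives at 35 ms, so the watchdog has expired by 77 ms even though frames kept arriving: a radio that delivers late or damaged traffic trips the timing expectation just as a silent link would, which is why these parameters affect uptime as well as safety.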