Connected Industrial
Robust, Reliable, and Secure Process Control Networking
White Paper: Honeywell Fault Tolerant Ethernet

Honeywell Fault Tolerant Ethernet (FTE) is a Honeywell-invented protocol that has been standardized by the International Electrotechnical Commission as IEC 62439. FTE provides Ethernet communication redundancy for the Experion process control network. It relies on Honeywell software in PCs, servers, and embedded devices while leveraging cost-effective common off-the-shelf (COTS) networking equipment to provide process control network communication that is fault tolerant, responsive, deterministic, and secure. FTE is fully compatible with Foundation Fieldbus High Speed Ethernet (HSE) network redundancy and IEC 62439. The illustration below depicts a basic Honeywell Experion system using FTE, while the rest of the document describes the significant advantages of FTE and how they are achieved.

[Figure: Honeywell Fault Tolerant Ethernet Network. Level 3: ESF, ACE, optional HSRP routers; Level 2: ESC, Experion Server, EST, ESV, Safety Manager, Terminal Server, Domain Controller, LCN, qualified switches; Level 1 below.]

Why FTE?

Honeywell FTE was developed in response to a need for a high-speed and reliable Ethernet network for mission-critical monitoring and control operations. Even though standards have since been developed for IT Ethernet networks via Rapid Spanning Tree, there are many scenarios where manufacturer interpretation of the standard, as well as edge cases, can result in an unacceptable gap in communication (around 30 seconds) during, or while recovering from, a network fault; such a gap would result in a loss of view or control. Other redundancy implementations such as NIC (network interface card) teaming vary from vendor to vendor, often require more than two NIC cards, and have implementations that cannot detect or mitigate network failures depending on where in the network they occur. Furthermore, unlike other IEC 62439 protocols, FTE has the ability to provide protection for single-attached nodes in certain fault scenarios. FTE can also connect directly to routers where others need additional equipment.

With FTE, Honeywell has designed a network specifically with mission-critical control traffic in mind that takes the advantages of Ethernet while providing robust and fast fault tolerance, deterministic behavior, and network security. Additionally, FTE is transparent to all applications running on a device, providing applications all the robustness of FTE without requiring any modification.

Fault Tolerance

With FTE there is no single point of failure on the network that results in a loss of Ethernet communication between FTE devices. Each FTE device has two Ethernet connections while only using a single network IP address. When combined with the Experion network topology, this provides four possible paths between two FTE devices (A-A through the A switch, B-B through the B switch, A-B through the FTE crossover, and B-A through the FTE crossover).

Both FTE Ethernet adapters on a given node are active at all times. By doing this, and not utilizing a switch-over/fail-over methodology, FTE is able to determine the best communication path for each individual packet of data for each individual FTE device on the network. When a fault occurs in the network, FTE is able to detect and mitigate it usually within 1 second, and some faults within 1 millisecond. The worst case is within 2 seconds. These faults are reported to the user through alarms and events, allowing the quick identification and resolution of network fractures.

FTE devices also track and determine the best path available for nodes with a single Ethernet connection that do not utilize FTE. When an FTE device detects a fault in the network, it attempts to determine which of its two adapters can still communicate with the non-FTE device and then continues to communicate with that device if possible.

Deterministic

Determinism in control systems means that the data always arrives within the sample period of a control module. FTE achieves determinism even with the use of COTS equipment by implementing a best-practices topology and making use of switched network features such as Quality of Service (QoS). QoS allows Honeywell to prioritize control and view traffic to ensure that it is delivered. By controlling other switch characteristics such as spanning tree, Honeywell is also able to predict how the Ethernet network will react to different faults and any actions the switch will take on fault recovery. Honeywell is also able to attain determinism by understanding and planning for the amount of network communication on the process control network. On a full-capacity system (330 FTE devices) the average network bandwidth is around 5 Mbps (megabits per second), so a 100 Mbps Ethernet network allows for a large amount of reserve bandwidth. In order to maintain a large reserve bandwidth in Experion systems with virtual machines, Honeywell has qualified 1 gigabit per second (Gbps) connections for virtual machine hosts.

[Figure: Experion Console Station with FTE A and FTE B connections to FTE Switch A and FTE Switch B, joined by the FTE Crossover; Honeywell C300 controller and FIM4 connected to a Control Firewall.]

Secure

The Honeywell FTE network is a high-security network that complies with the Industrial Automation and Control Systems Security standards (ISA SP99). The network is designed in levels, which allows for the compartmentalization of data flow following the zones and conduits model of ISA99 and enables protection at each level boundary. The most critical traffic, used for direct control, is at the lowest depth, which affords it the greatest protection.

Level    Node Descriptions
Level 4  Plant Level Applications
Level 3  Advanced Control and Advanced Applications (Non-Critical Control Applications)
Level 2  Supervisory Control, Operator HMI (HMI and Supervisory Controllers)
Level 1  Real Time Control (controllers and IO)

In addition to the network design, the Honeywell FTE network is continually being evaluated and refined with network security features for authentication, encryption, and access control. This includes IPsec, specialized devices such as the Honeywell Modbus TCP Firewall, and methods for securely communicating between the Experion network and other non-FTE networks.

Self-reliance with off-the-shelf components

FTE has complete responsibility for the redundancy operation, and Honeywell has complete control of FTE. This is essential in a critical control environment. In addition, Honeywell extensively tests and qualifies off-the-shelf networking equipment from vendors such as Cisco and HP. This ensures that specified hardware and firmware versions operate to the demanding standards of the process control network. By following Honeywell Experion Network Best Practices and using qualified equipment, sites are provided with a network with well-known and understood characteristics that has been thoroughly tested in the presence of faults to perform the critical control mission.

Virtualization

As with security, the Honeywell Experion network is perpetually being assessed for supporting new technologies and requirements for process control networks, such as virtualization. The Honeywell network design recognizes the criticality of virtual management traffic by creating a secure management network that still allows for efficient site management and configuration of the system. Furthermore, the FTE network understands and allows for the increased bandwidth demands of physical hosts as well as the use of thin clients. In the diagram below, redundant Level 2.5 routers have been added to provide a secure management network that can be shared between multiple FTE communities. The thin clients have direct FTE connections, and VMware hosts also have 1 Gbps FTE connections that are used by the virtual images.

[Figure: Experion Network for Virtual Solution.]

Sustainability

Through FTE, Honeywell has been able to allow customers with installed capital investments in the Honeywell Universal Control Network, based on the IEEE 802.4 (coax) token bus network, to be modernized, to integrate and interoperate with Experion, and to facilitate plant expansions. This is known as the Honeywell Enhanced Universal Control Network (EUCN), and it allows customers to take full advantage of not only FTE's fault tolerance but also the performance, determinism, and security required for new devices and applications. Moreover, this commitment to support Honeywell customers and their intellectual investments continues to evolve with Honeywell's Experion Local Control Network (ELCN). Currently under development, this solution will allow customers to unify TotalPlant Solution (TPS)/Total Distributed Control (TDC) solutions with Experion PKS.

In Conclusion

Honeywell FTE technology is an integral part of the Experion distributed control system and is designed to provide customers with a deterministic and redundant process control network without requiring more than common networking equipment. It provides a robust, reliable backbone for security and fault tolerance that enhances the user's ability to perform the critical control mission.

For More Information

Learn more about how Honeywell's Fault Tolerant Ethernet can improve process control networking: visit the Experion and EUCN or ELCN pages, or contact your Honeywell Account Manager, Distributor or System Integrator.
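The Fault Tolerance section above describes four possible paths between two dual-attached devices (A-A, B-B, A-B and B-A via the crossover), per-packet selection of the best available path, alarms when a path is lost, and fallback to whichever adapter can still reach a single-attached non-FTE node. The following Python model, added here as an illustration and not Honeywell's FTE code, simulates that path bookkeeping for a constructed topology. The link names (`<node>:A`, `<node>:B`, `xover`), the preference order among the four paths, and the alarm wording are assumptions of the model; the paper does not specify them.

```python
"""Toy model of FTE-style path selection between dual-attached nodes.

Illustrative simulation added for this article; it is not Honeywell's FTE
implementation. Link naming, the preference order among paths and the
alarm text are assumptions of the model.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

XOVER = "xover"            # the crossover link between FTE switch A and FTE switch B
Path = Tuple[str, str]     # (adapter used at the source, adapter used at the destination)

# Assumed preference: the two direct paths first, then the two crossover paths.
PATH_PREFERENCE: List[Path] = [("A", "A"), ("B", "B"), ("A", "B"), ("B", "A")]


@dataclass
class Network:
    """Link state for one FTE community plus any single-attached (non-FTE) nodes."""
    failed: Set[str] = field(default_factory=set)
    # node name -> the one switch side ("A" or "B") a non-FTE node is attached to
    single_attached: Dict[str, str] = field(default_factory=dict)

    def fail(self, link: str) -> None:
        self.failed.add(link)

    def restore(self, link: str) -> None:
        self.failed.discard(link)

    def links_on_path(self, src: str, dst: str, path: Path) -> List[str]:
        """Links a packet crosses leaving src on path[0] and entering dst on path[1].
        '<node>:A' is the uplink to switch A, '<node>:B' the uplink to switch B;
        the crossover is only crossed when the packet changes switch side."""
        src_if, dst_if = path
        links = [f"{src}:{src_if}"]
        if src_if != dst_if:
            links.append(XOVER)
        links.append(f"{dst}:{dst_if}")
        return links

    def candidate_paths(self, dst: str) -> List[Path]:
        """All four paths to an FTE peer; only the two that end on its single
        adapter for a non-FTE node attached to one switch."""
        if dst in self.single_attached:
            side = self.single_attached[dst]
            return [p for p in PATH_PREFERENCE if p[1] == side]
        return list(PATH_PREFERENCE)

    def path_ok(self, src: str, dst: str, path: Path) -> bool:
        return all(link not in self.failed for link in self.links_on_path(src, dst, path))

    def choose_path(self, src: str, dst: str) -> Optional[Path]:
        """Best available path for the next packet from src to dst; None if isolated."""
        for path in self.candidate_paths(dst):
            if self.path_ok(src, dst, path):
                return path
        return None

    def path_alarms(self, src: str, dst: str) -> List[str]:
        """One event per unavailable path, naming the failed links it depends on."""
        alarms = []
        for path in self.candidate_paths(dst):
            broken = [l for l in self.links_on_path(src, dst, path) if l in self.failed]
            if broken:
                alarms.append(f"{src}->{dst} path {path[0]}-{path[1]} unavailable: "
                              + ", ".join(broken))
        return alarms


if __name__ == "__main__":
    # Constructed sample topology: two FTE nodes and one single-attached node on side B.
    net = Network(single_attached={"printer": "B"})
    print(net.choose_path("server", "controller"))   # direct A-A path
    net.fail("server:A")
    print(net.choose_path("server", "controller"))   # falls to the direct B-B path
    net.fail("controller:B")
    print(net.choose_path("server", "controller"))   # only B-A via the crossover is left
    for alarm in net.path_alarms("server", "controller"):
        print(alarm)
    net.fail(XOVER)
    print(net.choose_path("server", "controller"))   # None: the pair is isolated
    net.fail("server:B")
    print(net.choose_path("server", "printer"))      # None: no adapter reaches the printer
```

Each adapter stays active and every packet is routed over the first healthy path, so a single failed uplink or a failed crossover never costs communication; the `path_alarms` output is the analogue of the alarms and events the paper says FTE raises so that a degraded (but still working) network is repaired before a second fault isolates a node.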
Honeywell Process Solutions
1250 West Sam Houston Parkway South, Houston, TX 77042
Honeywell House, Arlington Business Park, Bracknell, Berkshire, England RG12 1EB, UK
Shanghai City Centre, 100 Zunyi Road, Shanghai, China 200051
www.honeywellprocess.com
WP-16-07-ENG, June 2016
© 2016 Honeywell International Inc.