Safety over EtherCAT (FSoE)

Modern communication systems not only realize the deterministic transfer of control data, they also enable the transfer of safety-critical control data through the same medium. EtherCAT utilizes the protocol Safety over EtherCAT (FSoE, Fail Safe over EtherCAT) for this very purpose and so allows:

  • A single communication system for both control and safety data
  • The ability to flexibly modify and expand the safety system architecture
  • Pre-certified solutions to simplify safety applications
  • Powerful diagnostic capabilities for safety functions
  • Seamless integration of the safety design in the machine design
  • The ability to use the same development tools for both standard and safety applications

Safety over EtherCAT enables simpler and more flexible architectures than with relay logic.

The EtherCAT safety technology was developed according to IEC 61508, is TÜV certified, and is standardized in IEC 61784-3. The protocol is suitable for safety applications with a Safety Integrity Level up to SIL 3.

With Safety over EtherCAT, the communication system is part of a so-called Black Channel, which is not considered to be safety relevant. The standard communication System EtherCAT makes use of a single channel to transfer both standard and safety-critical data. Safety Frames, known as Safety Containers, contain safety-critical process data and additional information used to secure this data. The Safety Containers are transported as part of the communication’s process data. Whether data transfer is safe does not depend on the underlying communication technology, and isn’t restricted to EtherCAT; Safety Containers can travel through fieldbus systems, Ethernet or similar technologies, and can make use of copper cables, fiber optics, and even wireless connections.

The Safety Container is embedded in the cyclical communication’s process data.

Due to this flexibility, safely connecting different parts of the machine becomes more simple. The Safety Container is routed through the various controllers and processed in the various parts of the machine. This makes emergency stop functions for an entire machine or bringing targeted parts of a machine to a standstill easily possible – even if the parts of the machine are coupled with other communication systems (e.g. Ethernet).

Implementing the FSoE protocol in a device requires little resources and can lead to a high level of performance and correspondingly, short reaction times. In the robotics industries, there are applications that use SoE for safe motion control applications in an 8-kHz closed loop.

Black-Channel-Principle: the standard communication interface can be used.

With the black channel approach even the concatenation of machine parts is possible. The Safety over EtherCAT Frames are routed via the standard communication path on the Process Control level, for example via the EtherCAT Automation Protocol (EAP).

Factory-wide communication of safety data via the EtherCAT Automation Protokoll (EAP).

Further information regarding Safety over EtherCAT can be found witin the Download Section.