rupej said:
...If the drive doesn't receive a message within the timeframe that you specify, it faults...
This is the key factor here...
When asserting Start/Stop commands, using Explicit messaging, you must initialize the communications adapter's timeout value before issuing any commands, each and every time. This is because the default value is "0", which effectively disables the timeout, i.e. no commands will be accepted by the adapter. However, in setting this value, you must allow a minimum amount of time for the program to scan, enable, queue, buffer and transmit the MSG instruction's data, or error after the MSG instruction's own timeout.
Due to the inherent delays in using MSG instructions, which must go through the above process within the program's scan time, the recommended value of 5 - 20 seconds should be set for the communications adapter's timeout value. That is 5 seconds minimum. This is recommended so as to avoid nuisance timeouts which can often occur when using synchronous communication methods.
In cases where there is a larger program with a somewhat slower scan time, or a lot of messaging is used, or both, then a user may have to increase the minimum 5 seconds considerably higher to avoid nuisance timeouts.
In all cases, other factors are determining what timeout value needs to be used. This may be fine for many applications. However, for some applications, this order of timeout may be unacceptable. Unacceptable from either a control point of view, or a safety point of view, or both.
For instance, if asserting a Stop to a drive and a 5 second timeout, or greater, has been set in the adapter, and the MSG instruction errors, then this delay in waiting for the drive to fault and react may take too long for some applications and cause damage and/or create a hazard.
If a risk assessment required a timely and controlled Stop, using a deterministically failsafe method, then Explicit messaging would not be permitted. Implicit control of the drive would be required. This would involve using a Logix 5000 processor and having the drive within the I/O configuration and under the control of a Scanner. The connection to the drive would be configured to fault on loss of communications. The watchdog timeout value for this connection would be in the order of 100 milliseconds. Neither the program's logic nor the program's scan time is affecting this watchdog. It is fixed, determinate and failsafe.
It really is down to the level of assessed risk involved in an application should control over the drive be lost.
Regards,
George