Fail Safe over EtherCAT (FSoE) is a transmission scheme for safety data over EtherCAT using an FSoE master and FSoE slaves. In each FSoE cycle, the master sends its Safety PDU (Protocol Data Unit) to the slave and at the same time starts a watchdog timer. The slave verifies and calculates the received data before returning it to the master, and it also starts a watchdog timer. The master receives and processes the data as described for the slave, stopping its watchdog timer. The master generates a new Safety PDU only once this cycle is complete. Because of this mechanism, safe communication always depends on the hardware and topology used.
The address relation between a master and a slave is called an “FSoE Connection”. It is characterized by a unique Connection ID. The 16-bit Connection ID is transferred by the master to the individual slaves. Users must take measures to ensure that each slave is provided with a unique ID. For correct identification of the ramp-up sequence, both the master and the slave generate a “Sequence Number” ranging from 0 to 65535 for every message. This ensures that only currently valid messages are processed. Addressing the individual devices requires assigning unique node numbers by hardware setting, using DIP switches. Each FSoE master includes an “FSoE Master Handler”, which communicates with a slave through an “FSoE Slave Handler”. Optionally, an additional “FSoE Slave Handler” can be implemented in the master to allow communication between different masters within a network. To safeguard the PDUs being transferred, a CRC 16 is used for every 2 bytes of Safety Data. This means that for a 10-byte transfer, a CRC 16 is applied five times.
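The receiver-side checks described above (Connection ID, expected Sequence Number, one CRC 16 per 2 bytes of Safety Data) can be modelled as follows. This is an added sketch, not code from the FSoE specification or any vendor stack: the frame layout, the CRC polynomial, and the names `build_pdu` and `check_pdu` are assumptions chosen for illustration.

```python
import struct

# Assumption: CCITT polynomial as a stand-in; not taken from the FSoE specification.
CRC16_POLY = 0x1021

def crc16(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC16_POLY if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def build_pdu(conn_id: int, seq: int, safe_data: bytes) -> bytes:
    """Hypothetical layout: conn_id(2) | seq(2) | then [2 data bytes | CRC16] per block."""
    if not safe_data or len(safe_data) % 2:
        raise ValueError("safety data must be a non-empty multiple of 2 bytes")
    header = struct.pack(">HH", conn_id, seq)
    pdu = header
    for n in range(len(safe_data) // 2):
        block = safe_data[2 * n:2 * n + 2]
        # Sketch's own choice: each CRC also covers header and block index,
        # so a block replayed from another message or position fails the check.
        pdu += block + struct.pack(">H", crc16(header + bytes([n]) + block))
    return pdu

def check_pdu(pdu: bytes, expected_conn_id: int, expected_seq: int) -> bytes:
    """Return the safety data, or raise ValueError naming the check that failed."""
    if len(pdu) < 8 or (len(pdu) - 4) % 4:
        raise ValueError("bad length")
    conn_id, seq = struct.unpack(">HH", pdu[:4])
    if conn_id != expected_conn_id:
        raise ValueError("connection id mismatch")
    if seq != expected_seq:
        raise ValueError("unexpected sequence number")
    data = b""
    for n, off in enumerate(range(4, len(pdu), 4)):
        block = pdu[off:off + 2]
        (crc,) = struct.unpack(">H", pdu[off + 2:off + 4])
        if crc != crc16(pdu[:4] + bytes([n]) + block):
            raise ValueError(f"CRC error in block {n}")
        data += block
    return data

if __name__ == "__main__":
    sample = bytes(range(10))  # constructed 10-byte safety data
    pdu = build_pdu(0x1234, 7, sample)
    print(len(pdu), check_pdu(pdu, 0x1234, 7).hex())
```

With 10 bytes of Safety Data the sketch emits five data/CRC pairs, and a receiver would treat any raised error as a reason to reject the message rather than process it.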
Parameter setting as such is not specified. The parameterization process needs to be part of the user-programmed application software. While the FSoE specification does detail the required parameters, users must ensure that each FSoE slave receives its correct parameters.