Parallel Redundancy Protocol
The Parallel Redundancy Protocol (PRP) is a standardized Ethernet redundancy protocol defined in IEC 62439-3, designed to deliver high availability in industrial automation networks by enabling nodes to transmit identical data frames simultaneously across two independent local area networks (LAN A and LAN B), thereby achieving seamless failover with zero recovery time upon failure of any single network component.[1] This protocol ensures uninterrupted communication without the need for reconfiguration or spanning tree convergence, making it particularly suitable for time-critical applications such as substation automation and process control systems.[2] PRP operates by classifying network nodes into dually attached nodes (DANs), which possess two physical ports connected to separate LANs and handle duplicate frame transmission and reception; singly attached nodes (SANs), which connect to only one LAN; and redundancy boxes (RedBoxes), which extend PRP support to legacy single-port devices by acting as virtual DANs (VDANs).[3] Each transmitted frame includes a redundancy control trailer (RCT) containing a sequence number, allowing receiving DANs to process the first arriving frame and discard duplicates, thus preventing loops while maintaining data integrity.[2] The protocol supports various topologies, including star, ring, and meshed configurations, and requires switches with a minimum MTU of 1506 bytes to accommodate the additional trailer overhead.[3] Introduced as part of the IEC 62439 series in 2010 and refined through subsequent editions (including the 2021 version), PRP complements other redundancy mechanisms like High-availability Seamless Redundancy (HSR) within the same standard, offering flexibility for mixed environments while prioritizing fault tolerance in sectors such as smart grids, manufacturing, and rail signaling.[1] Its key advantages include tolerance to multiple faults depending on network design and compatibility with protocols like CIP Sync for precise time synchronization, though implementation demands separate physical infrastructures for the two LANs to avoid shared failure points.[2]Overview
Definition and Purpose
The Parallel Redundancy Protocol (PRP) is a layer-2 Ethernet protocol that provides seamless redundancy by duplicating data frames across two independent networks, designated as LAN A and LAN B, to prevent packet loss or delay in the event of a single network component failure.[1][2] Defined in Clause 4 of the international standard IEC 62439-3, PRP operates transparently at the data link layer, ensuring that higher-layer protocols remain unaffected by underlying network disruptions.[1][4] The primary purpose of PRP is to deliver high-availability communication with zero recovery time, or "hitless" redundancy, in applications demanding deterministic and uninterrupted data transmission, such as industrial automation and control systems.[2][5] In environments like process control or power utility automation, where even momentary network interruptions could lead to operational hazards or financial losses, PRP eliminates the need for failover delays by maintaining continuous data flow through parallel paths.[6] It is particularly suited for real-time Ethernet protocols, including PROFINET and EtherNet/IP, enabling reliable performance in mission-critical setups.[2][5] Key benefits of PRP include the elimination of single points of failure through its dual-network architecture, which supports diverse topologies without requiring network reconfiguration during faults, unlike spanning tree-based methods.[4][2] The protocol operates transparently, allowing integration with existing Ethernet infrastructure via specialized nodes or proxy devices, thereby enhancing system resilience while minimizing implementation complexity.[5] At its core, PRP functions by having source nodes transmit identical frames simultaneously over both LANs, with destination nodes accepting the first arriving frame and discarding duplicates identified by a unique redundancy control trailer appended to each frame.[6][4] This mechanism guarantees 0 ms switchover, ensuring no data loss under single-failure conditions.[1]History and Standards
The Parallel Redundancy Protocol (PRP) originated in the early 2000s within the International Electrotechnical Commission (IEC) Technical Committee 65 (TC 65), specifically Subcommittee 65C on Industrial networks, in response to the need for high-availability Ethernet-based communication in industrial automation environments where standard Ethernet's vulnerability to single points of failure posed risks in harsh, real-time applications such as substation automation. Development was led by experts from ABB Switzerland and the Zurich University of Applied Sciences (ZHAW Winterthur), focusing on a layer-2 redundancy mechanism that duplicates frames across two independent networks to achieve zero recovery time without reconfiguration delays.[7] This work built on Ethernet's IEEE 802.3 foundation, addressing limitations in reliability for sectors like power utilities and factory automation.[8] Key milestones include prototype implementations and demonstrations by ZHAW's Institute of Embedded Systems (InES) in 2007, such as integration with IEEE 1588 Precision Time Protocol (PTP) for synchronized networks, presented at the International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS).[9] The protocol's initial formalization occurred with the publication of IEC 62439:2008, which outlined high-availability automation networks, followed by the first dedicated PRP specification in IEC 62439-3:2010 (Edition 1), defining PRP in Clause 4 as a duplication-based redundancy protocol for seamless failover. Subsequent editions advanced the standard: Edition 2 (2012) refined PRP alongside High-availability Seamless Redundancy (HSR); Edition 3 (2016) improved interoperability; and Edition 4 (2021) includes technical revisions for improved interoperability and compatible protocol extensions, with a corrigendum published in 2023.[1][10] Conformance testing requirements are specified in Annex A of IEC 62439-3, ensuring device compliance through interoperability verification. PRP complements IEEE 802.1 standards for Ethernet bridging and management, enabling integration without altering core Ethernet operations.[11] Adoption accelerated post-2010 in Europe, particularly for factory automation and process industries, driven by its inclusion in profiles like PROFINET (via IEC 62439 compliance since around 2010) for zero-downtime communication in manufacturing lines.[12] Globally, expansion occurred through the Open DeviceNet Vendors Association (ODVA), which integrated PRP into the EtherNet/IP specification by Edition 2.0 in 2012, allowing high-availability extensions for the Common Industrial Protocol (CIP).[13] By 2014, CIP enhancements formalized PRP support via dedicated objects for configuration and diagnostics, facilitating broader deployment in North American industrial sectors like utilities and discrete manufacturing.[14]Architecture
Topology
The Parallel Redundancy Protocol (PRP) employs a basic topology consisting of two independent, parallel Ethernet local area networks (LANs) designated as LAN A and LAN B, to which each redundant node connects via dual network interfaces or ports.[3][5] This dual attachment configuration creates a double star or multipoint structure, where nodes communicate over both networks simultaneously without forming rings inherent to PRP itself, thereby isolating failures to a single path while maintaining continuous operation.[15][2] The LANs operate as separate infrastructures, potentially with identical or differing internal layouts, but must share the same IP subnet for nodes to ensure seamless redundancy.[2] Supported configurations in PRP include point-to-point links directly between nodes, as well as tree or mesh topologies spanning the parallel LANs, allowing for flexible network designs in industrial environments.[3][5] Each LAN operates independently as a standard Ethernet network, managed to be loop-free (e.g., via spanning tree protocols or ring configurations), with no cross-connections between LAN A and LAN B to avoid inter-LAN loops and ensure fault isolation.[3][2] Nodes in a PRP topology are classified into redundant types, such as doubly attached nodes (DANs) that connect directly to both LAN A and LAN B for full redundancy, and singly attached nodes (SANs) that attach to only one LAN but can achieve redundancy through proxy devices.[3][5] SANs typically interface via a Doubly Attached Node for HSR/PRP (DANH) or equivalent proxy, such as a RedBox switch, which acts as a virtual DAN (VDAN) by forwarding traffic across both networks on behalf of the SAN.[2][3] PRP topologies scale to support hundreds of nodes per LAN; for example, some implementations, such as Cisco industrial switches, support up to 512 node table entries for combined SANs and DANs, making it suitable for large-scale industrial applications.[3] The design ensures low frame propagation delays, typically in the microsecond range per hop due to standard Ethernet characteristics, enabling real-time performance in mission-critical systems without exceeding thresholds that could impact determinism.[3][16] In a representative diagram of PRP topology, nodes are depicted as DANs with two ports branching to separate LAN A and LAN B paths, forming parallel conduits from source to destination; failure in one path (e.g., a link or switch outage in LAN A) is isolated, as the duplicate frame arrives intact via LAN B, illustrating the protocol's fault tolerance.[5][3]Network Components
The core components of a Parallel Redundancy Protocol (PRP) network are PRP-enabled end nodes, known as Doubly Attached Nodes implementing PRP (DANPs), which are devices such as programmable logic controllers (PLCs) or sensors equipped with dual network interface cards (NICs). These nodes connect simultaneously to two independent local area networks (LAN A and LAN B), enabling the transmission and reception of duplicate Ethernet frames for redundancy.[2][4] Redundancy Interface Functions (RIFs), often implemented in dedicated devices called RedBoxes, are essential for integrating non-PRP-aware equipment into the network. These functions, typically embedded in industrial Ethernet switches or standalone boxes, handle PRP traffic by creating virtual DANPs (VDANs) for legacy single-port devices, allowing them to benefit from redundancy without native PRP support.[2][17] Proxy devices extend PRP compatibility to other redundancy schemes, such as Doubly Attached Nodes for High-availability Seamless Redundancy (DANHs), which connect legacy single-port devices in mixed PRP/HSR environments as defined in IEC 62439-3. Supporting elements include standard Ethernet switches that are non-PRP aware, deployed separately on LAN A and LAN B to forward traffic without requiring specialized redundancy features, as well as media converters to accommodate mixed fiber and copper media.[18][2] All components interconnect by attaching to both LAN A and B, forming parallel paths with no direct cross-connections between the LANs except through DANPs or RIFs, ensuring fault independence. VLAN tagging may be optionally applied for traffic segmentation within each LAN. Components are designed for hot-swappable operation and fault isolation, eliminating single points of failure by leveraging the dual-path architecture for seamless continuity during hardware or link disruptions.[17][4]Protocol Operation
Core Mechanisms
The Parallel Redundancy Protocol (PRP) employs duplex operation, wherein nodes function in a talker-listener mode by transmitting identical Ethernet frames simultaneously across two independent networks, LAN A and LAN B. A talker node duplicates each frame and sends it via both interfaces, while a listener node at the destination accepts the first-received copy for processing and discards any subsequent duplicates to maintain data integrity without interruption.[19] PRP classifies nodes into fully redundant PRP nodes, termed Doubly Attached Nodes (DANs), and non-redundant Singly Attached Nodes (SANs). DANs feature dual network ports connected to both LAN A and LAN B, allowing them to originate and terminate redundant traffic directly. SANs, lacking such dual connectivity, rely on proxy devices known as RedBoxes to replicate and route traffic across the networks transparently. Each node incorporates a local clock to facilitate timing for redundancy operations, such as sequence numbering.[19][20] Redundancy detection in PRP occurs automatically through monitoring for link failures, such as signal loss or disconnections, triggering instantaneous failover to the surviving path without any reconfiguration or protocol messaging overhead. This ensures continuity as traffic reroutes via the operational LAN, with duplicates suppressed using trailer-based identification in the Redundancy Control Trailer (RCT), which embeds sequence numbers and LAN identifiers for precise frame matching at receivers.[19][17] The protocol accommodates unicast, multicast, and broadcast traffic types, with PRP tags incorporated via the RCT appended to frames to denote redundancy details and enable duplicate handling. These tags maintain compatibility with standard Ethernet infrastructure while supporting identification across diverse communication patterns.[16][2] PRP delivers zero frame loss under failure conditions, introduces negligible added latency below 1 ms from parallel transmission and discard processes, and sustains throughput comparable to a non-redundant Ethernet link by leveraging both paths without bandwidth contention in normal operation.[16][17]Frame Handling and Redundancy
In the Parallel Redundancy Protocol (PRP), the transmission process begins at a doubly attached node (DAN), which duplicates each Ethernet frame and appends a PRP trailer containing a 16-bit sequence number and a LAN identifier before simultaneously sending the copies over two independent network interfaces, designated as LAN A and LAN B.[2][3][21] This duplication ensures that the frame travels along parallel paths, providing redundancy without requiring reconfiguration of the network.[22] At the receiving DAN, frames arrive potentially via both LAN A and LAN B, with the node's link redundancy entity (LRE) processing the first valid frame by stripping the PRP trailer and forwarding it to the upper protocol layers.[3][22] The subsequent identical frame is then inspected and discarded to prevent duplication in the data stream.[2] The duplicate suppression algorithm relies on the 16-bit sequence number in the trailer, which is incremented for each frame from a given source and shared identically across both duplicates, allowing the receiver to maintain a per-source MAC address tracking mechanism.[21][23] This counter wraps around after 65,535 frames, at which point it resets for new flows, while the algorithm—such as the drop window or drop slider window methods—compares incoming sequence numbers against stored values to accept only the initial arrival and ignore matches within a defined window.[21][24] The IEC 62439-3 standard does not mandate a specific implementation but requires any duplicate discard method to include mechanisms for removing stale entries to handle wrap-around and network delays effectively.[22] For error handling, if one transmission path fails—due to cable damage, switch outage, or other single-point issues—the frame delivered via the intact path is processed normally, achieving zero recovery time as the receiver operates independently of path status.[2][3] Network diagnostics may detect failures after a short interval, such as three seconds of lost communication, but do not interrupt ongoing traffic.[2] Broadcast and multicast frames follow the same duplication and suppression procedures as unicast frames, with the PRP trailer enabling identification across both LANs.[2] For multicast traffic, integration with protocols like IGMP ensures efficient handling, restoring redundancy within approximately two minutes after path repairs.[2]Clock Synchronization
In real-time industrial applications, the Parallel Redundancy Protocol (PRP) demands precise clock synchronization to minimize jitter and ensure deterministic performance across redundant network paths. This is achieved by integrating the IEEE 1588 Precision Time Protocol (PTP), which operates over PRP's dual LANs to provide high-accuracy time distribution without single points of failure. Implementation involves each PRP node functioning as a PTP boundary clock or ordinary clock, with separate PTP processes running on each port corresponding to the redundant LANs (LAN A and LAN B). PTP messages, such as Sync and Delay_Req, are transmitted on both paths independently, bypassing the standard PRP redundancy control trailer to avoid timing perturbations, with the receiving node processing messages from each LAN via its separate PTP processes, without PRP duplicate suppression. The Best Master Clock Algorithm (BMCA) is extended across the LANs to dynamically select the grandmaster clock based on clock quality, stability, and priority, ensuring a unified time reference for the entire PRP network. Synchronization supports both one-step and two-step timestamping modes, where one-step embeds corrections directly in the Sync message for lower latency, and two-step uses follow-up messages for hardware-limited implementations.[25] This integration delivers sub-microsecond synchronization accuracy, suitable for demanding automation environments, by leveraging end-to-end (E2E) or peer-to-peer (P2P) delay measurements that account for the parallel paths. Challenges such as path asymmetry—arising from differing propagation delays between LANs—are mitigated through residence time corrections in transparent or boundary clocks, where devices measure and adjust for the time spent processing messages on each path. Conformance to PRP-PTP operation is specified in IEC 62439-3 Annex A, ensuring interoperability and reliability in redundant setups.[25]Technical Specifications
Frame Format
The Parallel Redundancy Protocol (PRP) extends standard IEEE 802.3 Ethernet frames by appending a 6-byte Redundancy Control Trailer (RCT) immediately before the 4-byte Frame Check Sequence (FCS). This maintains compatibility with existing Ethernet infrastructure while enabling redundancy features, resulting in a total frame overhead of 6 bytes beyond the conventional structure. The base Ethernet frame includes the 7-byte preamble and start frame delimiter, 6-byte destination MAC address, 6-byte source MAC address, 2-byte length/type field (which may indicate an 802.1Q VLAN tag if present), variable-length payload up to 1500 bytes, and optional padding to ensure a minimum payload of 46 bytes. The RCT is inserted after the payload or padding, with the FCS recalculated over the entire frame including the trailer. Devices supporting PRP must accommodate an extended maximum transmission unit (MTU) of at least 1506 bytes to transmit and receive these frames without dropping them, as the maximum frame size becomes 1524 bytes (excluding preamble and SFD) for a 1500-byte payload.[26][17] The RCT is structured as three concatenated fields totaling 6 bytes, designed for efficient duplicate detection and frame validation. The first 2 bytes form the sequence number, a 16-bit unsigned integer that increments monotonically for each frame sent on a specific connection—defined by the combination of source MAC address, destination MAC address, and VLAN ID (if a tag is present)—starting from 0 and wrapping around to 0 after 65535. The next 2 bytes encode a 4-bit LAN identifier in the most significant bits (1010 binary or 0xA for the primary LAN A path, 1011 binary or 0xB for the secondary LAN B path) and a 12-bit frame size in the least significant bits, where the size specifies the length in octets of the Link Service Data Unit (LSDU) from the destination MAC address to the end of the payload or padding—including the source MAC address, length/type field, optional 4-byte 802.1Q VLAN tag, payload (up to 1500 bytes), and padding (minimum 46 bytes if needed)—but excluding the RCT and FCS itself (up to 1514 bytes without VLAN or 1518 bytes with VLAN). The final 2 bytes are a fixed PRP suffix value of 0x88FB (in big-endian byte order: 88 followed by FB), serving as an identifier to mark the frame as PRP-modified and distinguish it from standard Ethernet traffic. This suffix aligns PRP with related protocols like High-availability Seamless Redundancy (HSR) for consistent frame handling in mixed environments.[11][26] PRP applies the RCT to all frame types transmitted by dual-attached nodes (DANs), including unicast, multicast, and broadcast traffic, ensuring redundancy without altering the original payload content. For frames originating from single-attached nodes (SANs) or non-PRP devices, compatible PRP supernodes or RedBoxes transparently add the trailer upon duplication for transmission over both LANs. The sequence number's per-connection incrementing prevents duplicate accumulation even across VLANs, while the LAN ID explicitly differentiates paths to facilitate discard logic at receivers. The frame size field aids in verifying that the received LSDU matches the expected length, enhancing robustness against transmission errors. In hexadecimal representation, for a first frame (sequence number 1) on LAN A with an LSDU size of 64 bytes (0x0040), the RCT appears as 00 01 (sequence number), A0 40 (LAN ID 0xA shifted left by 12 bits combined with size 0x0040), and 88 FB (suffix). This format, specified in IEC 62439-3 (Edition 4, 2021), ensures zero-recovery-time redundancy by allowing immediate processing of the first arriving copy.[11]Implementation Requirements
Implementing Parallel Redundancy Protocol (PRP) requires specific hardware capable of handling dual independent Ethernet networks to ensure seamless frame duplication and redundancy as defined in IEC 62439-3. Devices must support dual-port Gigabit Ethernet interfaces compliant with IEEE 802.3 standards for full-duplex operation at 1000 Mbps. Common examples include dual-port Network Interface Cards (NICs) such as those based on the Intel I210 controller, which provide the necessary hardware timestamping for Precision Time Protocol (PTP) integration and low-latency processing in redundant setups. PRP-capable switches, such as the Cisco Industrial Ethernet (IE) 4000, 4010, and 5000 series, feature fixed Gigabit Ethernet port pairs designated for LAN A and LAN B channels, enabling direct PRP channel group assignment without additional adapters.[17] Similarly, Hirschmann RSP series managed switches support PRP alongside other redundancy protocols, offering rugged DIN-rail mounting suitable for industrial environments.[27] For harsh conditions, IP67-rated devices like certain Cisco IE heavy-duty models ensure dustproof and waterproof operation while maintaining PRP functionality.[28] Software implementations for PRP involve protocol stacks that handle frame duplication, sequence numbering via the Redundancy Control Trailer (RCT), and discard of duplicates. Open-source options include Linux kernel modules built on the igb driver for Intel Ethernet controllers, extended with PRP-specific patches for industrial distributions to manage dual NICs and PTP synchronization.[29] Commercial solutions, such as Softing's industrial communication gateways, provide PRP integration for protocol mapping in automation systems, while TTTech offers embedded software IP blocks for real-time redundant networking on custom hardware.[30] Firmware updates on switches and NICs are essential for PTP over PRP, ensuring clock synchronization across LANs as per IEC 62439-3 Clause 5, with vendors like Cisco requiring minimum IOS versions (e.g., 15.2(5)E) and FPGA firmware (e.g., 0.37+ for IE-4000).[17] Configuration of PRP networks begins with assigning dual ports to a PRP channel group, ensuring full-duplex mode and an MTU of at least 1506 bytes to accommodate the 6-byte RCT. On Cisco IE switches, this involves entering global configuration mode and using commands likeprp-channel-group 1 to pair interfaces (e.g., Gi1/1 for LAN A and Gi1/2 for LAN B), followed by enabling the group on the interfaces.[17] Sequence numbering is handled automatically by the hardware or firmware, incrementing per source-destination pair to detect and discard duplicates. For Siemens PROFINET setups, configuration uses TIA Portal V19 software to enable PRP on modules like CP443-1 RNA, assigning unique IP addresses per LAN while disabling features like IGMP querier on infrastructure switches. Testing involves loopback diagnostics on individual ports to verify failover, using commands like show prp channel 1 detail to monitor frame statistics and ensure zero recovery time during simulated failures.[31]
Performance considerations for PRP deployment include managing CPU utilization from frame duplication and processing, which typically adds minimal overhead on dedicated hardware but can approach limits under high traffic (e.g., 800 Mbps per lane without exceeding 90% CPU on embedded processors). Power budgeting is critical for industrial devices, with PoE-enabled PRP switches like Rockwell's Stratix 5400 series allocating up to 370 W total budget while accounting for redundancy duplication. Vendor-specific implementations, such as Rockwell Automation's integration with EtherNet/IP on 1756-EN2TP modules, require Studio 5000 software for setup and support CIP Sync for time-aware networking. Siemens PROFINET devices achieve PRP conformance through IEC 62439-3 testing, verified by third-party labs like DNV for functional and performance validation in process bus environments.[32]