Unit I
DATA NETWORK FUNDAMENTALS
Network hierarchy

The diagram above organizes the content of the web pages according to the OSI reference model.
The OSI Reference Model
The OSI reference model specifies standards for describing "Open Systems Interconnection" with the term 'open' chosen
to emphasize the fact that by using these international standards, a system may be defined which is open to all other
systems obeying the same standards throughout the world. The definition of a common technical language has been a
major catalyst to the standardization of communications protocols and the functions of a protocol layer.


The seven layers of the OSI reference model showing a connection between two end systems communicating using one
intermediate system.
The structure of the OSI architecture is given in the figure above, which indicates the protocols used to exchange data
between two users A and B. The figure shows bidirectional (duplex) information flow; information in either direction
passes through all seven layers at the end points. When the communication is via a network of intermediate systems, only
the lower three layers of the OSI protocols are used in the intermediate systems.
Services provided by each Protocol Layer
The OSI layers may be summarized by:
1. Physical layer: Provides electrical, functional, and procedural characteristics to activate, maintain, and
deactivate physical links that transparently send the bit stream; only recognizes individual bits, not characters or
multi character frames.
2. Data link layer: Provides functional and procedural means to transfer data between network entities and
(possibly) correct transmission errors; provides for activation, maintenance, and deactivation of data link
connections, grouping of bits into characters and message frames, character and frame synchronization, error
control, media access control, and flow control (examples include HDLC and Ethernet)
3. Network layer: Provides independence from data transfer technology and relaying and routing considerations;
masks peculiarities of data transfer medium from higher layers and provides switching and routing functions to
establish, maintain, and terminate network layer connections and transfer data between users.
4. Transport layer: Provides transparent transfer of data between systems, relieving upper layers from concern
with providing reliable and cost effective data transfer; provides end-to-end control and information interchange
with quality of service needed by the application program; first true end-to-end layer.
5. Session layer: Provides mechanisms for organizing and structuring dialogues between application processes;
mechanisms allow for two-way simultaneous or two-way alternate operation, establishment of major and minor
synchronization points, and techniques for structuring data exchanges.
6. Presentation layer: Provides independence to application processes from differences in data representation,
which is, in syntax; syntax selection and conversion provided by allowing the user to select a "presentation
context" with conversion between alternative contexts.
7. Application layer: Concerned with the requirements of application. All application processes use the service
elements provided by the application layer. The elements include library routines which perform inter process
communication, provide common procedures for constructing application protocols and for accessing the
services provided by servers which reside on the network.
The communications engineer is concerned mainly with the protocols operating at the bottom four layers (physical, data
link, network, and transport) in the OSI reference model. These layers provide the basic communications service. The
layers above are primarily the concern of computer scientists who wish to build distributed applications programs using
the services provided by the network.
"Hop-by-Hop" "Network-wide" and "End-to-End" Communication
The two lowest layers operate between adjacent systems connected via the physical link and are said to work "hop by
hop". The protocol control information is removed after each "hop" across a link (i.e. by each System) and a suitable
new header added each time the information is sent on a subsequent hop.

The network layer (layer 3) operates "network-wide" and is present in all systems and responsible for overall
co-ordination of all systems along the communications path.
The layers above layer 3 operate "end to end" and are only used in the End Systems (ES) which are communicating. The
Layer 4 - 7 protocol control information is therefore unchanged by the IS in the network and is delivered to the
corresponding ES in its original form. Layers 4-7 (if present) in Intermediate Systems (IS) play no part in the end-to-end
communication.
Medium Access Control (MAC)
The Medium Access Control (MAC) protocol is used to provide the data link layer of the Ethernet LAN system. The
MAC protocol encapsulates an SDU (payload data) by adding a 14 byte header (Protocol Control Information (PCI))
before the data and appending an integrity checksum after the data. The checksum is a 4-byte (32-bit) Cyclic
Redundancy Check (CRC). The entire frame is preceded by a small idle period (the minimum inter-frame gap,
9.6 microseconds (µs)) and an 8 byte preamble (including the start of frame delimiter).
Preamble
The purpose of the idle time before transmission starts is to allow a small time interval for the receiver electronics in each
of the nodes to settle after completion of the previous frame. A node starts transmission by sending an 8 byte (64 bit)
preamble sequence. This consists of 62 alternating 1's and 0's followed by the pattern 11. Strictly speaking the last byte
which finished with the '11' is known as the "Start of Frame Delimiter". When encoded using Manchester encoding, at 10
Mbps, the 62 alternating bits produce a 10 MHz square wave (one complete cycle each bit period).

The purpose of the preamble is to allow time for the receiver in each node to achieve lock of the receiver Digital Phase
Lock Loop which is used to synchronise the receive data clock to the transmit data clock. At the point when the first bit
of the preamble is received, each receiver may be in an arbitrary state (i.e. have an arbitrary phase for its local clock).
During the course of the preamble it learns the correct phase, but in so doing it may miss (or gain) a number of bits. A
special pattern (11), is therefore used to mark the last two bits of the preamble. When this is received, the Ethernet
receive interface starts collecting the bits into bytes for processing by the MAC layer. It also confirms the polarity of the
transition representing a '1' bit to the receiver (as a check in case this has been inverted).


Header

MAC encapsulation of a packet of data
The header consists of three parts:
1. A 6-byte destination address, which specifies either a single recipient node (unicast mode), a group of recipient
nodes (multicast mode), or the set of all recipient nodes (broadcast mode).
2. A 6-byte source address, which is set to the sender's globally unique node address. This may be used by the
network layer protocol to identify the sender, but usually other mechanisms are used (e.g. arp). Its main function
is to allow address learning which may be used to configure the filter tables in a bridge.
3. A 2-byte type field, which provides a Service Access Point (SAP) to identify the type of protocol being carried
(e.g. the value 0x0800 is used to identify the IP network protocol, other values are used to indicate other
network layer protocols). In the case of IEEE 802.3 LLC, this may also be used to indicate the length of the data
part. The type field is also used to indicate when a Tag field is added to a frame.
CRC
The final field in an Ethernet MAC frame is called a Cyclic Redundancy Check (sometimes also known as a Frame
Check Sequence). A 32-bit CRC provides error detection in the case where line errors (or transmission collisions in
Ethernet) result in corruption of the MAC frame. Any frame with an invalid CRC is discarded by the MAC receiver
without further processing. The MAC protocol does not provide any indication that a frame has been discarded due to an
invalid CRC.
The link layer CRC therefore protects the frame from corruption while being transmitted over the physical medium
(cable). A new CRC is added if the packet is forwarded by the router on another Ethernet link. While the packet is being
processed by the router, the packet data is not protected by the CRC. Router processing errors must be detected by
network or transport-layer checksums.
Inter Frame Gap
After transmission of each frame, a transmitter must wait for a period of 9.6 microseconds (at 10 Mbps) to allow the
signal to propagate through the receiver electronics at the destination. This period of time is known as the Inter-Frame
Gap (IFG). While every transmitter must wait for this time between sending frames, receivers do not necessarily see a
"silent" period of 9.6 microseconds. The way in which repeaters operate is such that they may reduce the IFG between
the frames which they regenerate.
Byte Order
It is important to realise that nearly all serial communications systems transmit the least significant bit of each byte first
at the physical layer. Ethernet supports broadcast, unicast, and multicast addresses. The appearance of a multicast address
on the cable (in this case an IP multicast address, with group set to the bit pattern 0xxx xxxx xxxx xxxx xxxx xxxx) is
therefore as shown below (bits transmitted from left to right):

0                          23 IP Multicast Address Group 47
|                           | <-------------------------->|
1000 0000 0000 0000 0111 1010 xxxx xxx0 xxxx xxxx xxxx xxxx
|                                     |
Multicast Bit                         0 = Internet Multicast
                                      1 = Assigned for other uses
However, when the same frame is stored in the memory of a computer, the bits are ordered such that the least significant
bit of each byte is stored in the right most position (the bits are transmitted right-to-left within bytes, bytes transmitted
left-to-right):
0                          23                            47
|                           |                             |
0000 0001 0000 0000 0101 1110 0xxx xxxx xxxx xxxx xxxx xxxx
        |                      <-------------------------->
Multicast Bit                  IP Multicast Address Group
CSMA/CD
The Carrier Sense Multiple Access (CSMA) with Collision Detection (CD) protocol is used to control access to the
shared Ethernet medium. A switched network (e.g. Fast Ethernet) may use a full duplex mode giving access to the full
link speed when used between directly connected NICs, Switch to NIC cables, or Switch to Switch cables.
Receiver Processing Algorithm

Runt Frame
Any frame which is received and which is less than 64 bytes is illegal, and is called a "runt". In most cases, such frames
arise from a collision, and while they indicate an illegal reception, they may be observed on correctly functioning
networks. A receiver must discard all runt frames.



Giant Frame
Any frame which is received and which is greater than the maximum frame size, is called a "giant". In theory, the jabber
control circuit in the transceiver should prevent any node from generating such a frame, but certain failures in the
physical layer may also give rise to over-sized Ethernet frames. Like runts, giants are discarded by an Ethernet receiver.
Jumbo Frame
Some modern Gigabit Ethernet NICs support frames that are larger than the traditional 1500 bytes specified by the IEEE.
This new mode requires support by both ends of the link to support Jumbo Frames. Path MTU Discovery is required for
a router to utilise this feature, since there is no other way for a router to determine that all systems on the end-to-end path
will support these larger sized frames.
A Misaligned Frame
Any frame which does not contain an integral number of received bytes is also illegal. A receiver has no way of
knowing which bits are legal, and how to compute the CRC-32 of the frame. Such frames are therefore also discarded by
the Ethernet receiver.
Other Issues
The Ethernet standard dictates a minimum size of frame, which requires at least 46 bytes of data to be present in every
MAC frame. If the network layer wishes to send less than 46 bytes of data the MAC protocol adds sufficient number of
zero bytes (0x00, is also known as null padding characters) to satisfy this requirement. The maximum size of data which
may be carried in a MAC frame using Ethernet is 1500 bytes (this is known as the MTU in IP).
A protocol known as the "Address Resolution Protocol" (arp) is used to identify the MAC source address of remote
computers when IP is used over an Ethernet LAN.
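The receiver checks described above (runt, giant, misaligned, CRC, then destination address) and the sender's padding rule can be put together as follows. This is an added example, not part of the original notes; the function names, the `groups` and `extra_bits` parameters and the sample addresses are assumptions made for illustration.

```python
import struct
import zlib

HEADER_LEN, CRC_LEN = 14, 4
MIN_DATA, MAX_DATA = 46, 1500
MIN_FRAME = HEADER_LEN + MIN_DATA + CRC_LEN   # 64 bytes: anything shorter is a runt
MAX_FRAME = HEADER_LEN + MAX_DATA + CRC_LEN   # 1518 bytes: anything longer is a giant
BROADCAST = b"\xff" * 6


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender side: 14-byte header, zero padding up to 46 data bytes, CRC-32 trailer."""
    if len(payload) > MAX_DATA:
        raise ValueError("payload larger than the 1500-byte maximum")
    data = payload.ljust(MIN_DATA, b"\x00")          # null padding for short payloads
    body = dst + src + struct.pack("!H", ethertype) + data
    # zlib.crc32 computes the same CRC-32 as Ethernet; the 4 bytes go out low byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes, my_addr: bytes, groups=frozenset(), extra_bits: int = 0):
    """Receiver side: return (verdict, fields); fields is None unless accepted.

    extra_bits models bits left over after the last whole byte (hypothetical
    parameter, since a Python bytes object is always byte aligned).
    """
    if extra_bits % 8:
        return "misaligned", None
    if len(frame) < MIN_FRAME:
        return "runt", None
    if len(frame) > MAX_FRAME:
        return "giant", None
    body, (fcs,) = frame[:-CRC_LEN], struct.unpack("<I", frame[-CRC_LEN:])
    if zlib.crc32(body) != fcs:
        return "crc_error", None                     # discarded without any indication
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    if dst != my_addr and dst != BROADCAST and dst not in groups:
        return "not_for_me", None
    # Any padding is still in "data": the MAC header alone does not say how many
    # of the 46 bytes the sender's network layer actually supplied.
    return "accept", {"dst": dst, "src": src, "type": ethertype,
                      "data": body[HEADER_LEN:]}


if __name__ == "__main__":
    # Constructed addresses and payload, for illustration only.
    red, blue = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = build_frame(red, blue, 0x0800, b"hello")
    print(len(frame), receive(frame, red)[0])        # padded to the 64-byte minimum
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                              # single bit error on the cable
    print(receive(bytes(damaged), red)[0])
    print(receive(frame[:40], red)[0])               # fragment left by a collision
```
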
Exception to the Rule
An extension to Ethernet, known as IEEE 802.1p allows for frames to carry a tag. The tag value adds an extra level of
PCI to the Ethernet frame header. This increases the size of the total MAC frame when the tag is used. A side effect of
this is that NICs and network devices designed to support this extension require a modification to the jabber detection
circuit.
Token Passing


In the access method known as token passing, a special type of packet, called a token, circulates around a cable ring from
computer to computer. When any computer on the ring needs to send data across the network, it must wait for a free
token. When a free token is detected, the computer will take control of it if the computer has data to send.
The computer can now transmit data. Data is transmitted in frames, and additional information, such as addressing, is
attached to the frame in the form of headers and trailers. Let's talk more about these later. For now, only the computer
that has the token can transmit on the network.
While the token is in use by this one computer, other computers cannot send data. Because only one computer at a time
can use the token, no contention and no collision take place, and no time is spent waiting for computers to resend tokens
due to network traffic on the cable.
The token passing access method is a non-contention method that works very differently from the contention methods
previously discussed. Token passing is a more orderly way for a network to conduct its business. A signal called a token
goes from one computer to the next. In a Token Ring network, the token goes around the ring; in a token bus network, it
goes down the line of the bus. If a computer has data to transmit, it must wait until the token reaches it; then that
computer can capture the token and transmit data.
High Level Link Control (HDLC) Protocol
The HDLC protocol is a general purpose protocol which operates at the data link layer of the OSI reference model. The
protocol uses the services of a physical layer, and provides either a best effort or reliable communications path between
the transmitter and receiver (i.e. with acknowledged data transfer). The type of service provided depends upon the HDLC
mode which is used.
Each piece of data is encapsulated in an HDLC frame by adding a trailer and a header. The header contains an HDLC
address and an HDLC control field. The trailer is found at the end of the frame, and contains a Cyclic Redundancy Check
(CRC) which detects any errors which may occur during transmission. The frames are separated by HDLC flag
sequences which are transmitted between each frame and whenever there is no data to be transmitted.

HDLC Frame Structure showing flags, header (address and control), data and trailer (CRC-16).
HDLC (High Level Data Link Protocol) has been defined by the International Standards Organization for use on both
multipoint and point-to-point links. HDLC is a bit-oriented protocol. It is a predecessor to the local area network datalink
protocols. The two most common modes of operation for HDLC are:

Unbalanced normal response mode (NRM). This is used with only one primary (or master) station initiating all
transactions.

Asynchronous balanced mode (ABM). In this mode each node has equal status and can act as either a primary or
secondary node.

Frame Format
The standard format is indicated in the figure. The three different classes of frames used are as follows:
Unnumbered frames: Used for setting up the link or connection and to define whether NRM or ABM is to be used.
They are called unnumbered frames because no sequence numbers are included.
Information frames: Used to convey the actual data from one node to another.
Supervisory frames: Used for flow control and error control purposes. They indicate whether the secondary station is
available to receive the information frames; they are also used to acknowledge the frames. There are two forms of error
control used: a selective re-transmission procedure because of an error, or a request to
transmit a number of previous frames.

Frame Content:
The frame contents are as follows:
The flag character is a byte with the value 01111110. To ensure that the receiver always knows that the character it
receives is unique (rather than merely some other character in the sequence), a procedure called zero
insertion is adopted. This requires the transmitter to insert a 0 after a sequence of five 1s in the text, so that the flag
character can never appear in the message text. The receiver removes the inserted zeros.
The frame check sequence (FCS) uses the CRC-CCITT methodology, with sixteen 1s added to the tail of the message before
the CRC calculation proceeds, and the remainder is inverted.
The address field can contain one of three types of address for the request or response messages to or from the
secondary node:
Standard secondary address
Group addresses for groups of nodes on the network
Broadcast addresses for all nodes on the network (here the address contains all 1s)
Where there are a large number of secondaries on the network, the address field can be extended beyond eight bits by
encoding the least significant bit as a 1. This then indicates that there is another byte to follow in the address field.
The control field is indicated in the figure.

Protocol Operation:

A typical sequence of operations for a multidrop link is given below:
1. The primary node sends a Normal Response Mode frame, with the P/F bit set to 1, together with the address of the
secondary node.
2. The secondary node responds with an unnumbered acknowledgment with the P/F bit set to 1. If the receiving node is
unable to accept the setup command, a disconnected mode frame is returned instead.
3. Data is transferred with the information frames.
4. The primary node sends an unnumbered frame containing a disconnect in the control field.
5. The secondary node responds with an unnumbered acknowledgment.
A similar approach is followed for a point-to-point link using asynchronous balanced mode, except that both nodes can
initiate the setting up of the link and the transfer of information frames, and the clearing of the point-to-point link.
The following differences also apply:
When the secondary node transfers the data, it transmits the data as a sequence of information frames with the P/F bit
set to 1 in the final frame of the sequence.
In NRM mode, if the secondary node has no further data to transfer, it responds with a Receiver Not Ready frame with
the P/F bit set to 1.

Error & Flow Control: For a half duplex exchange of information frames, error control is by means of sequence
numbers. Each end maintains a transmit sequence number and a receive sequence number. When a node successfully
receives a frame, it responds with a supervisory frame containing a receiver ready (RR) indication and a receive sequence
number. The number is that of the next frame expected, thus acknowledging all previous frames.

If the receiving node responds with a negative acknowledgment (REJ) frame, the transmitter must transmit all frames
from the receive sequence number in the REJ frame. This happens when the receiver detects an out-of-sequence frame. It
is also possible for selective retransmission to be used. In this case the receiver would return a selection rejection frame
containing only the sequence number of the missing frame.

A slightly more complex approach is required for a point-to-point link using asynchronous balanced mode with full
duplex operation, where information frames are transmitted in two directions at the same time. The same philosophy is
followed as for half duplex operation except that checks for correct sequences of frame numbers must be maintained at
both ends of the link.

Flow control operates on the principle that the maximum number of information frames awaiting acknowledgment at any
time is seven. If seven acknowledgments are outstanding, the transmitting node will suspend transmission until an
acknowledgment is received. This can be either in the form of a receiver ready supervisory frame, or piggybacked in an
information frame being returned from the receiver.

If the sequence numbers at both ends of the link become so out of sequence that the number of frames awaiting
acknowledgment exceeds seven, the secondary node transmits a frame reject or a command reject frame to the primary
node. The primary node then sets up the link again, and on an acknowledgment from the secondary node, both sides
reset all the sequence numbers and commence the transfer of information frames.

It is possible for the receiver to run out of buffer space to store messages. When this happens it will transmit a receiver
not ready (RNR) supervisory frame to the primary node to instruct it to stop sending any more information frames.
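The sequence-number rules above (window of seven, RR carrying the next frame expected, REJ forcing retransmission from that number, RNR suspending the sender) are modelled in the added example below, which is not part of the original notes. The class names, the `buffer_slots` knob and the loss model are assumptions; timeouts and P/F polling are left out, so a loss that is never followed by another frame is reported as a stall.

```python
from collections import OrderedDict

MODULUS = 8   # 3-bit send and receive sequence numbers
WINDOW = 7    # at most seven I-frames may await acknowledgment


class Sender:
    def __init__(self):
        self.vs = 0                      # sequence number for the next new I-frame
        self.unacked = OrderedDict()     # N(S) -> data, oldest first
        self.peer_busy = False           # True after RNR, until the next RR or REJ

    def can_send(self):
        return not self.peer_busy and len(self.unacked) < WINDOW

    def send(self, data):
        """Return a new I-frame (ns, data), or None while transmission is suspended."""
        if not self.can_send():
            return None
        ns, self.vs = self.vs, (self.vs + 1) % MODULUS
        self.unacked[ns] = data
        return ns, data

    def on_supervisory(self, kind, nr):
        """Process RR, RNR or REJ carrying N(R); return the I-frames to retransmit."""
        if nr != self.vs and nr not in self.unacked:
            raise ValueError("invalid N(R): the link has to be set up again")
        # N(R) is the next frame expected, so every earlier frame is acknowledged.
        while self.unacked and next(iter(self.unacked)) != nr:
            self.unacked.popitem(last=False)
        self.peer_busy = kind == "RNR"
        return list(self.unacked.items()) if kind == "REJ" else []


class Receiver:
    def __init__(self, buffer_slots=None):
        self.vr = 0                      # N(S) of the next frame expected
        self.buffer_slots = buffer_slots # None means unlimited (hypothetical knob)
        self.in_use = 0                  # buffers holding unconsumed frames
        self.delivered = []
        self.rejecting = False

    def _full(self):
        return self.buffer_slots is not None and self.in_use >= self.buffer_slots

    def on_iframe(self, ns, data):
        """Return the supervisory reply (kind, N(R)), or None if the frame is ignored."""
        if self._full():
            return "RNR", self.vr
        if ns != self.vr:
            if self.rejecting:
                return None              # REJ already sent for this gap
            self.rejecting = True
            return "REJ", self.vr
        self.rejecting = False
        self.delivered.append(data)
        self.in_use += 1
        self.vr = (self.vr + 1) % MODULUS
        return ("RNR" if self._full() else "RR"), self.vr

    def drain(self):
        """The application has emptied the buffers: announce readiness with RR."""
        self.in_use = 0
        return "RR", self.vr


def transfer(messages, drop_once=()):
    """Push messages across a constructed link that loses the first copy of each
    listed N(S); return (delivered data, number of I-frames put on the wire)."""
    tx, rx = Sender(), Receiver()
    pending, drop, wire, count = list(messages), set(drop_once), [], 0
    while pending or tx.unacked:
        while pending and tx.can_send():
            wire.append(tx.send(pending.pop(0)))
        if not wire:
            raise RuntimeError("stalled: recovery would need a timeout and poll")
        ns, data = wire.pop(0)
        count += 1
        if ns in drop:
            drop.discard(ns)             # line error: this copy never arrives
            continue
        reply = rx.on_iframe(ns, data)
        if reply:
            wire.extend(tx.on_supervisory(*reply))
    return rx.delivered, count


if __name__ == "__main__":
    msgs = [f"m{i}" for i in range(10)]  # constructed test data
    print(transfer(msgs))                # no loss: one transmission per message
    print(transfer(msgs, drop_once={2})) # frame 2 lost once: REJ and go-back
```
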
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

The Ethernet network may be used to provide shared access by a group of attached nodes to the physical medium which
connects the nodes. These nodes are said to form a Collision Domain. All frames sent on the medium are physically
received by all receivers; however, the Medium Access Control (MAC) header contains a MAC destination address which
ensures that only the specified destination actually forwards the received frame (the other computers all discard the frames
which are not addressed to them).
Consider a LAN with four computers each with a Network Interface Card (NIC) connected by a common Ethernet cable:

One computer (Blue) uses a NIC to send a frame to the shared medium, which has a destination address corresponding to
the source address of the NIC in the red computer.

The cable propagates the signal in both directions, so that the signal (eventually) reaches the NICs in all four of the
computers. Termination resistors at the ends of the cable absorb the frame energy, preventing reflection of the signal
back along the cable.

All the NICs receive the frame and each examines it to check its length and checksum. The header destination MAC
address is next examined, to see if the frame should be accepted, and forwarded to the network-layer software in the
computer.

Only the NIC in the red computer recognises the frame destination address as valid, and therefore this NIC alone
forwards the contents of the frame to the network layer. The NICs in the other computers discard the unwanted frame.

The shared cable allows any NIC to send whenever it wishes, but if two NICs happen to transmit at the same time, a
collision will occur, resulting in the data being corrupted.
ALOHA & Collisions
To control which NICs are allowed to transmit at any given time, a protocol is required. The simplest protocol is known
as ALOHA (this is actually a Hawaiian word, meaning "hello"). ALOHA allows any NIC to transmit at any time, but
states that each NIC must add a checksum/CRC at the end of its transmission to allow the receiver(s) to identify whether
the frame was correctly received.
ALOHA is therefore a best effort service, and does not guarantee that the frame of data will actually reach the remote
recipient without corruption. It therefore relies on ARQ protocols to retransmit any data which is corrupted. An ALOHA
network only works well when the medium has a low utilisation, since this leads to a low probability of the transmission
colliding with that of another computer, and hence a reasonable chance that the data is not corrupted.
Carrier Sense Multiple Access (CSMA)
Ethernet uses a refinement of ALOHA, known as Carrier Sense Multiple Access (CSMA), which improves performance
when there is a higher medium utilisation. When a NIC has data to transmit, the NIC first listens to the cable (using a
transceiver) to see if a carrier (signal) is being transmitted by another node. This may be achieved by monitoring whether
a current is flowing in the cable (each bit corresponds to 18-20 milliAmps (mA)). The individual bits are sent by
encoding them with a 10 MHz (or 100 MHz for Fast Ethernet) clock using Manchester encoding. Data is only sent when no
carrier is observed (i.e. no current present) and the physical medium is therefore idle. Any NIC which does not need to
transmit, listens to see if other NICs have started to transmit information to it.
However, this alone is unable to prevent two NICs transmitting at the same time. If two NICs simultaneously try to
transmit, then both could see an idle physical medium (i.e. neither will see the other's carrier signal), and both will
conclude that no other NIC is currently using the medium. In this case, both will then decide to transmit and a collision
will occur. The collision will result in the corruption of the frame being sent, which will subsequently be discarded by the
receiver since a corrupted Ethernet frame will (with a very high probability) not have a valid 32-bit MAC CRC at the
end.
Collision Detection (CD)
A second element to the Ethernet access protocol is used to detect when a collision occurs. When there is data waiting to
be sent, each transmitting NIC also monitors its own transmission. If it observes a collision (excess current above what it
is generating, i.e. > 24 mA for coaxial Ethernet), it stops transmission immediately and instead transmits a 32-bit jam
sequence. The purpose of this sequence is to ensure that any other node which may currently be receiving this frame will
receive the jam signal in place of the correct 32-bit MAC CRC; this causes the other receivers to discard the frame due to
a CRC error.
To ensure that all NICs start to receive a frame before the transmitting NIC has finished sending it, Ethernet defines a
minimum frame size (i.e. no frame may have less than 46 bytes of payload). The minimum frame size is related to the
distance which the network spans, the type of media being used and the number of repeaters which the signal may have
to pass through to reach the furthest part of the LAN. Together these define a value known as the Ethernet Slot Time,
corresponding to 512 bit times at 10 Mbps.

When two or more transmitting NICs each detect a corruption of their own data (i.e. a collision), each responds in the
same way by transmitting the jam sequence. The following sequence depicts a collision:

At time t=0, a frame is sent on the idle medium by NIC A.

A short time later, NIC B also transmits. (In this case, the medium, as observed by the NIC at B happens to be idle too).

After a period, equal to the propagation delay of the network, the NIC at B detects the other transmission from A, and is
aware of a collision, but NIC A has not yet observed that NIC B was also transmitting. B continues to transmit, sending
the Ethernet Jam sequence (32 bits).

After one complete round trip propagation time (twice the one way propagation delay), both NICs are aware of the
collision. B will shortly cease transmission of the Jam Sequence, however A will continue to transmit a complete Jam
Sequence. Finally the cable becomes idle.
Retransmission Back-Off
An overview of the transmit procedure is shown below. The transmitter initialises the number of transmissions of the
current frame (n) to zero, and starts listening to the cable (using the carrier sense logic (CS) - e.g., by observing the Rx
signal at transceiver to see if any bits are being sent). If the cable is not idle, it waits (defers) until the cable is idle. It then
waits for a small Inter-Frame Gap (IFG) (e.g., 9.6 microseconds) to allow time for all receiving nodes to
prepare themselves for the next transmission.
Transmission then starts with the preamble, followed by the frame data and finally the CRC-32. After this time, the
transceiver Tx logic is turned off and the transceiver returns to passively monitoring the cable for other transmissions.

During this process, a transmitter must also continuously monitor the collision detection logic (CD) in the transceiver to
detect if a collision occurs. If it does, the transmitter aborts the transmission (stops sending bits) within a few bit periods,
and starts the collision procedure, by sending a Jam Signal to the transceiver Tx logic. It then calculates a retransmission
time.

If all NICs attempted to retransmit immediately following a collision, then this would certainly result in another
collision. Therefore a procedure is required to ensure that there is only a low probability of simultaneous retransmission.
The scheme adopted by Ethernet uses a random back-off period, where each node selects a random number, multiplies
this by the slot time (minimum frame period, 51.2 µs) and waits for this random period before attempting retransmission.
The small Inter-Frame Gap (IFG) (e.g., 9.6 microseconds) is also added.
On a busy network, a retransmission may still collide with another retransmission (or possibly new frames being sent for
the first time by another NIC). The protocol therefore counts the number of retransmission attempts (using a variable N
in the above figure) and attempts to retransmit the same frame up to 15 times.
For each retransmission, the transmitter constructs a set of numbers:
{0, 1, 2, 3, 4, 5, ... L} where L = 2^K - 1, K = N, and K <= 10.
A random value R is picked from this set, and the transmitter waits (defers) for a period
R x (slot time), i.e. R x 51.2 microseconds.
For example, after two collisions, N=2, therefore K=2, and the set is {0, 1, 2, 3} giving a one in four chance of collision.
This corresponds to a wait selected from {0, 51.2, 102.4, 153.6} microseconds.

After 3 collisions, N = 3, and the set is {0, 1, 2, 3, 4, 5, 6, 7}, that is a one in eight chance of collision.
But after 4 collisions, N=4, the set becomes {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, that is a one in 16 chance
of collision.
The scaling is performed by multiplication and is known as exponential back-off. This is what lets CSMA/CD scale to
large numbers of NICs - even when collisions may occur. The first ten times, the back-off waiting time for the
transmitter suffering collision is scaled to a larger value. The algorithm includes a threshold of 1024. The reasoning is
that the more attempts that are required, the greater the number of NICs which are trying to send at the same time,
and therefore the longer the period which needs to be deferred. Since a set of numbers {0,1,...,1023} is a large set of
numbers, there is very little advantage from further increasing the set size.
Each transmitter also limits the maximum number of retransmissions of a single frame to 16 attempts (N=15). After this
number of attempts, the transmitter gives up transmission and discards the frame, logging an error. In practice, a network
that is not overloaded should never discard frames in this way.
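The back-off rule can be exercised with a small slotted model, given here as an added example that is not part of the original notes. The function names are invented, time is counted in whole slot times, every station is assumed to start at the same instant, and carrier-sense deferral is ignored because the model stops at the first successful transmission.

```python
import random

SLOT_TIME_US = 51.2   # 512 bit times at 10 Mbps
MAX_ATTEMPTS = 16     # the frame is discarded once the 16th attempt has collided
K_LIMIT = 10          # the set stops doubling after ten collisions


def backoff_set_size(n: int) -> int:
    """Size of the set {0, ..., L} after n collisions: L + 1 = 2**K, K = min(n, 10)."""
    return 2 ** min(n, K_LIMIT)


def backoff_slots(n: int, rng: random.Random) -> int:
    """Pick R, the number of slot times to defer after the n-th collision."""
    return rng.randrange(backoff_set_size(n))


def contend(stations: int, rng: random.Random):
    """All stations transmit in slot 0; each backs off after every collision.

    Returns the station that first transmits alone, the slot in which it does
    so, and the collisions each station suffered. The winner is None if every
    station used up its 16 attempts.
    """
    collisions = [0] * stations
    next_try = [0] * stations            # slot of the next attempt; None = gave up
    while True:
        active = [t for t in next_try if t is not None]
        if not active:
            return {"winner": None, "slot": None, "collisions": collisions}
        slot = min(active)
        senders = [i for i, t in enumerate(next_try) if t == slot]
        if len(senders) == 1:
            return {"winner": senders[0], "slot": slot, "collisions": collisions}
        for i in senders:                # two or more in one slot: collision
            collisions[i] += 1
            if collisions[i] >= MAX_ATTEMPTS:
                next_try[i] = None       # give up and discard the frame
            else:
                # The collision itself uses up a slot; then defer R more slots.
                next_try[i] = slot + 1 + backoff_slots(collisions[i], rng)


if __name__ == "__main__":
    for n in (1, 2, 3, 4, 10, 15):
        size = backoff_set_size(n)
        print(f"N={n:2d}: R in 0..{size - 1}, longest wait {(size - 1) * SLOT_TIME_US:.1f} us")
    rng = random.Random(7)               # fixed seed so the run is repeatable
    for k in (2, 4, 16, 64):
        result = contend(k, rng)
        print(k, "stations: winner", result["winner"], "in slot", result["slot"],
              "worst collision count", max(result["collisions"]))
```
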
Late Collisions
In a properly functioning Ethernet network, a NIC may experience collision within the first slot time after it starts
transmission. This is the reason why an Ethernet NIC monitors the CD signal during this time and uses CSMA/CD. A
faulty CD circuit, or misbehaving NIC or transceiver may lead to a late collision (i.e. after one slot time). Most Ethernet
NICs therefore continue to monitor the CD signal during the entire transmission. If they observe a late collision, they will
normally inform the sender of the error condition.
Performance of CSMA / CD
It is simple to calculate the performance of a CSMA/CD network where only one node attempts to transmit at any time.
In this case, the NIC may saturate the medium and near 100% utilisation of the link may be achieved, providing almost
10 Mbps of throughput on a 10 Mbps LAN.
However, when two or more NICs attempt to transmit at the same time, the performance of Ethernet is less predictable.
The fall in utilisation and throughput occurs because some bandwidth is wasted by collisions and back-off delays. In
practice, a busy shared 10 Mbps Ethernet network will typically supply 2-4 Mbps of throughput to the NICs connected to
it.

As the level of utilisation of the network increases, particularly if there are many NICs competing to share the bandwidth,
an overload condition may occur. In this case, the throughput of Ethernet LANs reduces very considerably: much of
the capacity is wasted by the CSMA/CD algorithm, and very little is available for sending useful data. This is the reason
why a shared Ethernet LAN should not connect more than 1024 computers. Many engineers use a threshold of 40%
utilisation to determine if a LAN is overloaded. A LAN with a higher utilisation will observe a high collision rate, and
likely a very variable transmission time (due to back-off). Separating the LAN into two or more collision domains using
bridges or switches would likely provide a significant benefit (assuming appropriate positioning of the bridges or
switches).
Shared networks may also be constructed using Fast Ethernet, operating at 100 Mbps. Since Fast Ethernet always uses
fibre or twisted pair, a hub or switch is always required.
Ethernet Capture
A drawback of sharing a medium using CSMA/CD is that the sharing is not necessarily fair. When each computer
connected to the LAN has little data to send, the network exhibits almost equal access time for each NIC. However, if
one NIC starts sending an excessive number of frames, it may dominate the LAN. Such conditions may occur, for
instance, when one NIC in a LAN acts as a source of high quality packetised video. The effect is known as "Ethernet
Capture".

Ethernet Capture by Node A.
The figure above illustrates Ethernet Capture. Computer A dominates computer B. Originally both computers have data
to transmit. A transmits first. A and B then both simultaneously try to transmit. B picks a larger retransmission interval
than A (shown in red) and defers. A sends, then sends again. There is a short pause, and then both A and B attempt to
resume transmission. A and B both back off; however, since B was already in back-off (it failed to retransmit), it chooses
from a larger range of back-off times (using the exponential back-off algorithm). A is therefore more likely to succeed,
which it does in the example. At the next pause in transmission, A and B both attempt to send. Since this attempt fails,
B further increases its back-off and is now unable to compete fairly with A.
Ethernet Capture may also arise when many sources compete with one source which has much more data to send. Under
these situations some nodes may be "locked out" of using the medium for a period of time. The use of higher speed
transmission (e.g. 100 Mbps) significantly reduces the probability of Capture, and the use of full duplex cabling eliminates
the effect.
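The back-off rule (K = min(N, 10), R chosen from {0, ..., 2^K - 1}, 16 attempts) and the capture effect described above can be reproduced with a small slotted-time simulation. This is an added example, not part of the original notes; the two always-busy stations, the frame duration FRAME_SLOTS and the one-slot cost of a collision are assumptions of the model.

```python
import random

SLOT_TIME_US = 51.2   # slot time of 10 Mbps Ethernet, from the text
BACKOFF_LIMIT = 10    # K = min(N, 10): the set stops growing at 1024 values
MAX_ATTEMPTS = 16     # a frame is discarded after 16 failed attempts
FRAME_SLOTS = 24      # assumption: one large frame lasts about 24 slot times


def backoff_window(n_collisions):
    """Number of values in the set {0, ..., 2^K - 1} after N collisions."""
    return 2 ** min(n_collisions, BACKOFF_LIMIT)


class Station:
    def __init__(self, name):
        self.name = name
        self.collisions = 0   # N for the frame at the head of the queue
        self.ready_at = 0     # slot at which the back-off timer expires
        self.sent = 0
        self.dropped = 0


def simulate(frames, seed=1, names=("A", "B")):
    """Run saturated stations on one shared medium until `frames` frames are sent."""
    rng = random.Random(seed)
    stations = [Station(n) for n in names]
    now = 0           # slot at which the medium next becomes idle
    winners = []      # sender of each successful frame, in order
    while len(winners) < frames:
        # A timer that expired while the medium was busy defers until `now`.
        start = min(max(s.ready_at, now) for s in stations)
        talkers = [s for s in stations if max(s.ready_at, now) == start]
        if len(talkers) == 1:
            s = talkers[0]
            s.sent += 1
            s.collisions = 0            # success resets N for the next frame
            now = start + FRAME_SLOTS
            s.ready_at = now            # the next frame is already queued
            winners.append(s.name)
            continue
        now = start + 1                 # assumption: a collision costs one slot
        for s in talkers:
            s.collisions += 1
            if s.collisions >= MAX_ATTEMPTS:
                s.dropped += 1          # give up on this frame (error is logged)
                s.collisions = 0
                s.ready_at = now
            else:
                r = rng.randrange(backoff_window(s.collisions))
                s.ready_at = now + r    # defer for R slot times
    # Capture shows up as the same station winning many frames in a row.
    repeats = sum(1 for a, b in zip(winners, winners[1:]) if a == b)
    longest = run = 1
    for a, b in zip(winners, winners[1:]):
        run = run + 1 if a == b else 1
        longest = max(longest, run)
    return {
        "sent": {s.name: s.sent for s in stations},
        "dropped": {s.name: s.dropped for s in stations},
        "repeat_fraction": repeats / (len(winners) - 1),
        "longest_run": longest,
        "elapsed_ms": now * SLOT_TIME_US / 1000,
    }


if __name__ == "__main__":
    for n in (2, 3, 4, 10, 15):
        print(n, "collisions -> R chosen from", backoff_window(n), "values")
    print(simulate(2000))
```

If access were fair, the winner of one frame would win the next about half of the time; a repeat_fraction well above 0.5, together with a non-zero dropped count for the losing station, is the capture effect.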

The Internetwork Protocol (IP)
The IP (Internet Protocol) is a protocol that uses datagrams to communicate over a packet-switched network. The IP
protocol operates at the network layer of the OSI reference model and is a part of a suite of protocols known as
TCP/IP. Today, with over 1.5 billion users worldwide, the current Internet is a great success in terms of connecting
people and communities. Even though the current Internet continues to work and is capable of fulfilling its current
missions, it also suffers from a relative ossification, a condition where technological innovation meets natural
resistance, as exemplified by the current lack of wide deployment of technologies such as multicast or Internet Protocol
version 6 (IPv6).
The Internetwork Protocol (IP) [RFC791] provides a best effort network layer service for connecting computers to form a
computer network. Each computer is identified by one or more globally unique IP addresses. The network layer PDUs
are known as either "packets" or "datagrams". Each packet carries the IP address of the sending computer and also the
address of the intended recipient or recipients of the packet. Other management information is also carried.
The IP network service transmits datagrams between intermediate nodes using IP routers. The routers themselves are
simple, since no information is stored concerning the datagrams which are forwarded on a link. The most complex part of
an IP router is concerned with determining the optimum link to use to reach each destination in a network. This process
is known as "routing". Although this process is computationally intensive, it is only performed at periodic intervals.
An IP network normally uses a dynamic routing protocol to find alternate routes whenever a link becomes unavailable.
This provides considerable robustness from the failure of either links or routers, but does not guarantee reliable delivery.
Some applications are happy with this basic service and use a simple transport protocol known as the User Datagram
Protocol (UDP) to access this best effort service.
Most Internet users need additional functions such as end-to-end error and sequence control to give a reliable service
(equivalent to that provided by virtual circuits). This reliability is provided by the Transmission Control Protocol (TCP)
which is used end-to-end across the Internet.
In a LAN environment, the protocol is normally carried by Ethernet, but for long distance links, other link protocols
using fibre optic links are usually used. Other protocols associated with the IP network layer are the Internet Control
Message Protocol (ICMP) and the Address Resolution Protocol (ARP).
IP the Next Generation, IPv6
The IPv4 protocol, although widely used, is slowly being superseded by IPv6 [RFC2460], a next-generation network-layer
protocol. IPv6 is now widely implemented, and deployed in many networks.
The gradual transition from IPv4 towards majority IPv6 deployment will take many years and IPv4 may never itself be
phased out completely. In the meantime the two protocols can co-exist and be used together in various ways. IPv6 will
ultimately succeed the current version, IPv4, to become the dominant version of IP used in the Internet. IPv6 changes
many things; one of the most obvious from the Ethernet perspective is that it uses a different EtherType and uses the
Neighbor-Discovery (ND) protocol in place of ARP.

Unit II
INTER NETWORKING
Network Classification

Types of Networks

Network Hardware Components

Ethernet Bridges & Switches
A bridge is a LAN interconnection device which operates at the data link layer (layer 2) of the OSI reference model. It
may be used to join two LAN segments (A,B), constructing a larger LAN. A bridge is able to filter traffic passing
between the two LANs and may enforce a security policy separating different work groups located on each of the LANs.
Bridges were first specified in IEEE 802.1D (1990) and later by ISO (in 1993).
The format of PDUs at this layer in an Ethernet LAN is defined by the Ethernet frame format (also known as MAC -
Medium Access Control). It consists of two 6 byte addresses and a one byte protocol ID / length field. The address field
allows a frame to be sent to a single station or to groups of stations. The MAC protocol is responsible for access to the
medium and for the diagnosis of failure in either the medium or the transceiver which attaches to the medium.
Operation of a Bridge
The simplest type of bridge, and that most frequently used, is the Transparent Bridge (meaning that the nodes using a
bridge are unaware of its presence). The bridge therefore has to forward (receive and subsequently transmit) frames from
one LAN (e.g. LAN A below) to another (e.g. LAN B). Obviously, the bridge could forward all frames, but then it would
behave rather like a repeater; it would be much smarter if the bridge only forwarded frames which need to travel from
one LAN to another. To do this, the bridge needs to learn which computers are connected to which LANs. More formally,
it needs to learn whether to forward to each address.

A bridge connecting two LAN segments (A and B).
To learn which addresses are in use, and which ports (interfaces on the bridge) they are closest to, the bridge observes
the headers of received Ethernet frames. By examining the MAC source address of each received frame, and recording
the port on which it was received, the bridge may learn which addresses belong to the computers connected via each port.
This is called "learning". In the figure above, consider three computers X, Y, Z. Assume each sends frames to the other
computers. The source addresses X, Y are observed to be on network A, while the address of computer Z will be observed
to be on network B.

A bridge stores the hardware addresses observed from frames received by each interface and uses this information to
learn which frames need to be forwarded by the bridge.
The learned addresses are stored in an interface address table associated with each port (interface). Once this table
has been set up, the bridge examines the destination address of all received frames. It then scans the interface tables to see
if a frame has been received from the same address (i.e. a packet with a source address matching the current destination
address). Three possibilities exist:
1. If the address is not found, no frames have been received from the source. The source may not exist, or it may
not have sent any frames using this address. (The address may also have been deleted by the bridge because the
bridge software was recently restarted, ran short of address entries in the interface table, or deleted the address
because it was too old). Since the bridge does not know which port to use to forward the frame, it will send it to
all output ports, except that on which it was received. (It is clearly unnecessary to send it back to the same cable
segment from which it was received, since any other computer/bridges on this cable must already have received
the packet.) This is called flooding.
2. If the address is found in an interface table and the address is associated with the port on which it was received,
the frame is discarded. (It must already have been received by the destination.)
3. If the address is found in an interface table and the address is not associated with the port on which it was
received, the bridge forwards the frame to the port associated with the address.
Packets with a source of X and destination of Y are received and discarded, since the computer Y is directly connected to
the LAN A, whereas packets from X with a destination of Z are forwarded to network B by the bridge.
Broadcast and Multicast
Bridges forward a broadcast frame out of all connected ports except that on which the frame was received. The normal
action for a multicast frame is to treat it as a broadcast frame. This is clearly suboptimal, since a bridge may send
multicast frames to parts of the network for which there are no interested receivers. Some bridges implement extra
processing to control the flooding of multicast frames.
Managing the Interface Tables
A bridge may implement an interface table using a software data structure or use a Content Addressable Memory
(CAM) chip. In either case, the size of the table is finite, and usually constrained to 1000's - 10 000's of entries. In a large
LAN this may be a limit. To help keep the table small, most bridges maintain a check of how recently each address was
used. Addresses which have not been used for a long period of time (e.g. minutes) are deleted. This has the effect of
removing unused entries, but if the address is again used, before a frame is received from the same source, it will require
the frame to be flooded to all ports.
A useful side effect of deleting old addresses is that the bridge interface table records only working MAC addresses. If a
NIC stops sending, its address will be deleted from the table. If the NIC is subsequently reconnected, the entry will be
restored, but if the connection is made to another port (the cable is changed) a different (updated) entry will be inserted
corresponding to the actual port associated with the address. (The bridge always updates the interface table for each
source address in a received MAC frame, therefore even if a computer changes the point at which it is connected without
first having the interface table entry removed, the bridge will still update the table entry).
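The learning, filtering, forwarding, flooding and ageing rules above fit in one small class. This is an added example, not code from the original notes; the short names X, Y, Z, W stand in for MAC addresses, and evicting the least recently seen entry when the table is full is an assumption (the text only says entries are deleted when the bridge runs short of them).

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent bridge: learn source addresses, then discard, forward or flood."""

    def __init__(self, ports, max_entries=1024, max_age=300.0):
        self.ports = list(ports)
        self.max_entries = max_entries   # the interface table is finite (>= 1)
        self.max_age = max_age           # seconds an unused entry survives
        self.table = {}                  # address -> (port, time last seen)
        self.flooded = 0                 # frames sent out of every other port

    def _expire(self, now):
        """Delete addresses that have not been seen as a source for max_age."""
        stale = [a for a, (_, seen) in self.table.items() if now - seen > self.max_age]
        for addr in stale:
            del self.table[addr]

    def _learn(self, addr, port, now):
        if addr not in self.table and len(self.table) >= self.max_entries:
            # Assumption: a full table evicts the least recently seen entry.
            oldest = min(self.table, key=lambda a: self.table[a][1])
            del self.table[oldest]
        # Always refreshed, so a NIC moved to another port is re-learned.
        self.table[addr] = (port, now)

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame is transmitted on."""
        self._expire(now)
        self._learn(src, in_port, now)
        if dst == BROADCAST or dst not in self.table:
            # Case 1 (unknown address) and broadcast: flood, except to the ingress port.
            self.flooded += 1
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst][0]
        if out_port == in_port:
            return []                    # case 2: destination is on the same segment
        return [out_port]                # case 3: forward to the learned port


if __name__ == "__main__":
    # Constructed traffic: X and Y on port A, Z on port B, then Z moves to port C.
    bridge = LearningBridge(["A", "B", "C"], max_entries=3, max_age=300)
    frames = [
        ("A", "X", "Z", 0), ("B", "Z", "X", 1), ("A", "Y", "X", 2),
        ("A", "X", "Z", 3), ("C", "Z", "X", 5), ("A", "X", "Z", 6),
        ("B", "W", "X", 7), ("A", "X", "Z", 1000),
    ]
    for in_port, src, dst, t in frames:
        print(t, src, "->", dst, "in", in_port, "out", bridge.receive(in_port, src, dst, t))
    print("flooded frames:", bridge.flooded)
```

The flooded counter is the number to watch on a real bridge as well: when the table is too small for the number of active addresses, or entries age out, unicast frames go out of every port and the bridge behaves like a repeater for that traffic.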
Filter Tables
In some managed bridges, a system administrator may override the normal forwarding by inserting entries in a filter table
to inhibit forwarding between different work groups (for example to provide security for a particular set of MAC
addresses). The filter table contains a list of source or destination addresses. Frames which match entries in the filter
table will only be forwarded to specific configured ports. This can be used to implement security policies and also to
construct Virtual LANs.
Multiple Port Bridges (Switches)
A bridge with more than two interfaces (ports) is also known as a switch. There are important differences between
switches and hubs, in particular in the way in which they forward frames.

A Hub sending a packet from F to C.
A hub (or repeater) forwards a received frame out of all the interfaces (ports), resulting in the frame reaching all
connected equipment, even though the frame may be only destined for a system connected to one particular interface (C,
in the above diagram).
A switch, on the other hand, forwards the frame to only the required interface. The switch learns the association between
the systems' MAC addresses and the interface ports in the same way as a bridge (see above). By sending the packet only
where it needs to go, the switch reduces the number of packets on the other LAN segments (and hence the load on these
segments), increasing the overall performance of the connected LANs. The switch also improves security, since frames
only travel where they are intended (and cannot in this case, for instance, be observed by an unauthorised computer
attached to segment A).

A Switch sending a packet from F to C
Switches (like bridges) normally forward all multicast and broadcast packets to all receivers (some switches have extra
processing to help improve performance of multicast forwarding). More details about this, and the operation of switches
may be found in a related page (see below).

A Switch sending a frame from F to a multicast / broadcast address
Note:
Bridges receive Ethernet frames using a port set in promiscuous mode, and hence see all frames that are sent over the
LAN. They decide whether to forward the frames that they receive based on the Ethernet MAC destination address of a
received frame. This results in reduced traffic on other ports, since traffic is only forwarded when it has to be.
Connecting Bridges and Switches Together
There is a special rule controlling the interconnection of bridges and switches (as there is for Ethernet Hubs). The rule
says simply that a bridge / switch / hub LAN must form a tree, and not a ring. That is, there must be only one path
between any two computers. If more than one parallel path were to exist, a loop would be formed, resulting in endless
circulation of frames over the loop. This would soon result in overload of the network. To prevent this happening, the
IEEE (in IEEE 802.1D) has defined the Spanning Tree Algorithm (STA) which automatically detects loops and disables
one of the parallel paths. The Spanning Tree Algorithm may also be used to build fault-tolerant networks, since if the
chosen path becomes invalid (e.g. due to a cable / bridge / switch fault), and an alternate path exists, the alternate path is
enabled automatically.
Routers
A router is an Intermediate System (IS) which operates at the network layer of the OSI reference model. Routers may be
used to connect two or more IP networks, or an IP network to an internet connection.
A router consists of a computer with at least two network interface cards supporting the IP protocol. The router receives
packets from each interface via a network interface and forwards the received packets to an appropriate output network
interface. Received packets have all link protocol headers removed, and transmitted packets have a new link protocol
header added prior to transmission.
The router uses the information held in the network layer header (i.e. IP header) to decide whether to forward each
received packet, and which network interface to use to send the packet. Most packets are forwarded based on the
packet's IP destination address, along with routing information held within the router in a routing table. Before a packet
is forwarded, the processor checks the Maximum Transfer Unit (MTU) of the specified interface. Packets larger than the
interface's MTU must be fragmented by the router into two or more smaller packets. If a packet is received which has the
Don't Fragment (DF) bit set in the packet header, the packet is not fragmented, but instead discarded. In this case, an
ICMP error message is returned to the sender (i.e. to the original packet's IP source address) informing it of the
interface's MTU size. This forms the basis for Path MTU discovery (PMTU).
The routing and filter tables resemble similar tables in link layer bridges and switches, except that instead of specifying
link hardware addresses (MAC addresses), the router tables specify network addresses (IP addresses). The routing table lists known
IP destination addresses with the appropriate network interface to be used to reach that destination. A default entry may
be specified to be used for all addresses not explicitly defined in the table (this is very common in routers close to the
edge of the network, where the default routes packets towards the Internet backbone).
A filter table may also be used to ensure that unwanted packets are discarded. The filter may be used to deny access to
particular protocols or to prevent unauthorised access from remote computers by discarding packets to a specified
destination address. Routers at the edge of ISP networks also often perform filtering of the IP source address, as a way to
prevent "spoofing" of addresses belonging to other networks.
A router forwards packets from one IP network to another IP network. Like other systems, it routes based on the
longest-prefix match of the IP address in the routing table. One exception to this rule is when a router receives an IP packet to a
network broadcast address. In this case, the router will process the packet internally (to see if it needs to respond) and
then discard the packet. Forwarding broadcast packets can lead to severe storms of packets, and if uncontrolled could
lead to network overload.
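The forwarding decision described in the last four paragraphs (source and destination filtering, longest-prefix match with a default route, the broadcast exception, and the MTU / DF check) is shown below as one function. This is an added example, not code from the original notes; the routing table, the interface names, the filter entries and the documentation-range addresses are all constructed for illustration, and an IPv4 header without options is assumed.

```python
import ipaddress
from typing import NamedTuple, Optional

IP_HEADER = 20  # bytes; assumes an IPv4 header without options


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str
    mtu: int


class Decision(NamedTuple):
    action: str               # "forward" or "drop"
    interface: Optional[str]  # output interface when forwarding
    detail: str


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed routing table: two overlapping prefixes and a default entry.
ROUTES = [
    Route(net("192.0.2.0/24"), "eth1", 1500),
    Route(net("198.51.100.0/24"), "ser0", 576),
    Route(net("198.51.100.128/25"), "eth2", 1500),
    Route(net("0.0.0.0/0"), "wan0", 1500),
]
# Constructed filter table: sources allowed per input interface, denied destinations.
INGRESS_SOURCES = {"eth1": [net("192.0.2.0/24")]}
DENY_DESTINATIONS = [net("198.51.100.99/32")]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: of all prefixes containing dst, take the longest."""
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def fragments_needed(total_len, mtu):
    """Fragments required; every fragment but the last carries a multiple of 8 bytes."""
    if total_len <= mtu:
        return 1
    payload = total_len - IP_HEADER
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    return -(-payload // per_fragment)   # ceiling division


def forward(in_if, src, dst, total_len, df=False):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    allowed = INGRESS_SOURCES.get(in_if)
    if allowed is not None and not any(src in n for n in allowed):
        return Decision("drop", None, "source address not valid on " + in_if)
    if any(dst in n for n in DENY_DESTINATIONS):
        return Decision("drop", None, "destination denied by filter table")
    route = lookup(dst)
    if route is None:
        return Decision("drop", None, "no route to destination")
    if dst == route.prefix.broadcast_address:
        return Decision("drop", None, "network broadcast is not forwarded")
    if total_len > route.mtu and df:
        return Decision("drop", None, f"DF set: ICMP error reports MTU {route.mtu}")
    count = fragments_needed(total_len, route.mtu)
    return Decision("forward", route.interface, f"{count} fragment(s)")


if __name__ == "__main__":
    # Constructed packets: (input interface, source, destination, length, DF)
    for pkt in [("eth1", "192.0.2.10", "198.51.100.200", 1000, False),
                ("eth1", "192.0.2.10", "198.51.100.20", 1500, False),
                ("eth1", "192.0.2.10", "198.51.100.20", 1500, True),
                ("eth1", "203.0.113.5", "198.51.100.20", 100, False),
                ("eth1", "192.0.2.10", "198.51.100.255", 100, False)]:
        print(pkt, "->", forward(*pkt))
```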
A router introduces delay (latency) as it processes the packets it receives. The total delay observed is the sum of many
components including:
Time taken to process the frame by the data link protocol
Time taken to select the correct output link (i.e. filtering and routing)
Queuing delay at the output link (when the link is busy)
Other activities which consume processor resources (computing routing tables, network management, generation
of logging information)
The router queue of packets waiting to be sent also introduces a potential cause of packet loss. Since the router has a
finite amount of buffer memory to hold the queue, a router which receives packets at too high a rate may experience a
full queue. In this case, the router has no other option than to simply discard excess packets. If required, these may later
be retransmitted by a transport protocol.

Architecture of a router
Routers are often used to connect together networks which use different types of links (for instance an HDLC or PPP link
connecting a WAN to a local Ethernet LAN). The optimum (and maximum) packet lengths (i.e. the maximum
transmission unit (MTU)) are different for different types of network. A router may therefore use IP to provide
segmentation of packets into a suitable size for transmission on a network.
Associated protocols perform network error reporting (ICMP), communication between routers (to determine appropriate
routes to each destination) and remote monitoring of the router operation (network management).
Repeaters
Repeaters operate within the physical layer of the OSI reference model and regenerate the signal. Repeaters are used in
LANs, MANs and WANs. They may be used to provide more flexibility in design of a network or to extend the distance
over which a signal may travel down a cable. One example of a repeater is an Ethernet Hub.

The 5-4-3 rule
The 5-4-3 rule is important when considering using repeaters (or 10BT hubs) to build a larger LAN. This rule states that,
in a single Ethernet LAN:
5: No path between any two end systems (network interface cards or other equipment) may cross more than FIVE Ethernet
segments.
4: No path between any two end systems may cross more than FOUR Ethernet hubs or repeaters.
3: No more than THREE of the five segments on the longest path may be active segments (i.e. segments with more than
two nodes and/or repeater ports). The remaining two segments must be point-to-point links.
Hub / Switch / Bridge / Router
In data communications, a hub is a place of convergence where data arrives from one or more directions and is
forwarded out in one or more other directions. A hub usually includes a switch of some kind.
In telecommunications, a switch is a network device that selects a path or circuit for sending a unit of data to its
next destination.
A switch may also include the function of the router, a device or program that can determine the route and
specifically what adjacent network point the data should be sent to.
In general, a switch is a simpler and faster mechanism than a router, which requires knowledge about the
network and how to determine the route.
In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local
area network that uses the same protocol (for example, Ethernet or token ring).
On the Internet, a router is a device or, in some cases, software in a computer, that determines the next network
point to which a packet should be forwarded toward its destination.
The router is connected to at least two networks and decides which way to send each information packet based
on its current understanding of the state of the networks it is connected to.
A router is located at any gateway (where one network meets another), including each Internet point-of-presence.
A router is often included as part of a network switch.



Ethernet
developed by Xerox in 1973-1975
standardized as IEEE 802.3
has replaced token ring, FDDI and ARCNET
usually uses twisted pair cable (RJ-45)
IEEE 802.3: Ethernet is the most widely-installed local area network (LAN) protocol. Specified in a standard,
IEEE 802.3, Ethernet was originally developed by Xerox and then developed further by Xerox, DEC, and Intel.
An Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires.
10BASE-T: The most commonly installed Ethernet systems are called 10BASE-T and provide transmission
speeds up to 10 Mbit/s. Devices are connected to the cable and compete for access using a Carrier Sense
Multiple Access with Collision Detection (CSMA/CD) protocol.
100BASE-T or Fast Ethernet provides transmission speeds up to 100 megabits per second and is typically used
for LAN backbone systems, supporting workstations with 10BASE-T cards.
Gigabit Ethernet provides an even higher level of backbone support at 1000 megabits per second (1 gigabit or 1
billion bits per second).

ARCnet (Attached Resource Computer network)
ARCnet is a widely-installed local area network (LAN) technology that uses a token-bus scheme for managing
line sharing among the workstations and other devices connected on the LAN.
The LAN server continuously circulates empty message frames on a bus (a line in which every message goes
through every device on the line and a device uses only those with its address).
GENERIC ARCNET BOARD

GENERIC ARCNET BOARD FEATURES
80c31 CPU
16 MHZ CLOCK
64K RAM
64K FLASH ROM
8 bit I/O port
256 bytes (available for memory mapped I/O)
1 serial port OR 2 bit bi-directional I/O port
2 bit I/O port (dedicated)
Automatic reset on power-up
16 user definable chip selects
Two standard 16 bit counters.
ARCNET software interface built-in
Firmware upload feature up to 39K
Token removal (turn off ARCNET stop noise)
2.5Mbits/s data rate (ARCNET)
works in high magnetic fields (external power supply needed)
optoisolation between each node.

What is ARCNET?
Attached Resource Computer NETwork
Token-Passing Local Area Network (LAN)
Originally 2.5 Mbps data rate
255 Nodes or Stations
Variable Packet Length
Bus or Distributed Star Wiring
Unicast or Broadcast Messages
One to one or one to all
Coaxial, Fiber Optic, Twisted-pair Cabling
Over 20 Million Installed Nodes
Originally developed by Datapoint Corporation as an office network
Chip sets available from SMSC
ATA 878.1-1999 Local Area Network: Token Bus
Ideally suited for an industrial network

What are ARCNET's Benefits?
Broad Acceptance
Large Installed Base
Deterministic Performance
Simple to Install
Low Cost per Node
Robust Design
Multiple Cable Media Support
Multi-master Communication
Where is ARCNET Used?
HVAC
Motor Drives
Power Generation
Data Acquisition and Control
Manufacturing Information Systems
Office Automation
Shipboard Automation
Printing Press Controls
Telecommunications
Gaming Machines
Vehicular Navigation
Security Systems
ARCNET Protocol
Only Five Simple Commands
ITT - Invitation to transmit
FBE - Free buffer enquiry
PAC - Packet
ACK - Acknowledgement
NAK - Negative acknowledgement
ARCNET Protocol Features
Deterministic Token Passing
Packet Flow Control
Error Detection
Auto Reconfiguration
Variable Packet Size
Supports Various Transceivers & Media
Supports Various Software Drivers
Up to 255 Nodes Per Network
Token Passing - Transmitting on the network is only permitted when a node has the token
Every node can transmit once during each token rotation
Benefits:
Every node has a guaranteed response time to transmit
Deterministic behavior
Auto-Reconfiguration - Network is automatically reconfigured when a node joins or leaves the network
Token pass is automatically reconfigured
Typical time 20 - 30 ms
Supports live node insertion and deletion
Variable Packet Size
From 1 to 507 bytes per packet
Packet Flow Control - Transmitter checks receiver to make sure it is ready to receive a packet
Reduced software overhead
Increased bandwidth
No lost packets due to input buffer overruns
Error Detection - 16 bit CRC checks each packet
Corrupted packets automatically rejected
Transmitter is aware of the error
Reduced software overhead
Better CPU utilization

Unit III
HART AND FIELDBUS
HART Overview
The majority of smart field devices installed worldwide today are HART-enabled. But some who are new to the automation
field may need a refresher on this powerful technology.
Simply put, the HART (Highway Addressable Remote Transducer) Protocol is the global standard for sending and
receiving digital information across analog wires between smart devices and control or monitoring systems.
More specifically, HART is a bi-directional communication protocol that provides data access between intelligent field
instruments and host systems. A host can be any software application from a technician's hand-held device or laptop to a
plant's process control, asset management, safety or other system using any control platform.
A DIGITAL UPGRADE FOR EXISTING PLANTS
HART technology offers a reliable, long-term solution for plant operators who seek the benefits of intelligent devices
with digital communication that is included in the majority of the devices being installed. In many cases, however,
most applications cannot retrofit their existing automation systems with a system that can accept the digital data which is
provided by the HART Protocol.
Because most automation networks in operation today are based on traditional 4-20mA analog wiring, HART technology
serves a critical role because the digital information is simultaneously communicated with the 4-20mA signal. Without it,
there would be no digital communication.
A CRITICAL, DIGITAL ROLE
HART technology is easy to use and very reliable when used for commissioning and calibration of smart devices as well
as for continuous online diagnostics.
There are several reasons to have a host communicate with smart devices. These include:
Device Configuration or re-configuration
Device Diagnostics
Device Troubleshooting
Reading the additional measurement values provided by the device
Device Health and Status
Much more: There are many benefits of using HART technology, and more users are reporting benefits in their
projects on a continual basis. For more information please visit Success Stories
Years of success using these benefits explain why HART technology is the largest of all communication protocols,
installed in more than 30 million devices worldwide.
If you've ever used a land-line telephone and noticed the Caller ID display to take note of who is calling, you already
know half of what the HART Protocol does: it tells "who" is calling. In an industrial automation network "who" is a
microprocessor-based smart field device. In addition to letting such smart field devices "phone home," HART
Communication lets a host system send data to the smart instrument.

HART emerged in the late 1980s based on the same technology that brought Caller ID to analog telephony. It has
undergone continued development, up to and including automation products now shipping with built-in WirelessHART
Communication.
How HART Works
HART is an acronym for Highway Addressable Remote Transducer. The HART Protocol makes use of the Bell 202
Frequency Shift Keying (FSK) standard to superimpose digital communication signals at a low level on top of the
4-20mA signal.

Frequency Shift Keying (FSK)
This enables two-way field communication to take place and makes it possible for additional information beyond just the
normal process variable to be communicated to/from a smart field instrument. The HART Protocol communicates at
1200 bps without interrupting the 4-20mA signal and allows a host application (master) to get two or more digital
updates per second from a smart field device. As the digital FSK signal is phase continuous, there is no interference with
the 4-20mA signal.
HART technology is a master/slave protocol, which means that a smart field (slave) device only speaks when spoken to
by a master. The HART Protocol can be used in various modes such as point-to-point or multidrop for communicating
information to/from smart field instruments and central control or monitoring systems.

HART Communication occurs between two HART-enabled devices, typically a smart field device and a control or
monitoring system. Communication occurs using standard instrumentation grade wire and using standard wiring and
termination practices.

The HART Protocol provides two simultaneous communication channels: the 4-20mA analog signal and a digital signal.
The 4-20mA signal communicates the primary measured value (in the case of a field instrument) using the 4-20mA
current loop - the fastest and most reliable industry standard. Additional device information is communicated using a
digital signal that is superimposed on the analog signal.



The digital signal contains information from the device including device status, diagnostics, additional measured or
calculated values, etc. Together, the two communication channels provide a low-cost and very robust complete field
communication solution that is easy to use and configure.


Two Communication Channels
The HART Protocol provides for up to two masters (primary and secondary). This allows secondary masters such as
handheld communicators to be used without interfering with communications to/from the primary master, i.e.
control/monitoring system.

Primary and Secondary Masters




The HART Protocol permits all digital communication with field devices in either point-to-point or multidrop network
configurations:


Multidrop Configuration
There is also an optional "burst" communication mode where a single slave device can continuously broadcast a standard
HART reply message. Higher update rates are possible with this optional burst communication mode and use is normally
restricted to point-to-point configuration.
HART Protocol Specifications
The HART Protocol was developed in the late 1980's and transferred to the HART Foundation in the early 1990's. Since
then it has been updated several times. When the protocol is updated, it is updated in a way that ensures backward
compatibility with previous versions. The current version of the HART Protocol is revision 7.3. The "7" denotes the
major revision level and the "3" denotes the minor revision level.
The HART Protocol implements layers 1, 2, 3, 4 and 7 of the Open System Interconnection (OSI) 7-layer protocol model:
The HART Physical Layer is based on the Bell 202 standard, using frequency shift keying (FSK) to communicate at
1200 bps. The signal frequencies representing bit values of 0 and 1 are 2200 and 1200Hz respectively. This signal is
superimposed at a low level on the 4-to-20mA analog measurement signal without causing any interference with the
analog signal.

The HART Data Link Layer defines a master-slave protocol - in normal use, a field device only replies when it is
spoken to. There can be two masters, for example, a control system as a primary master and a handheld HART
communicator as a secondary master. Timing rules define when each master may initiate a communication transaction. Up
to 15 or more slave devices can be connected to a single multidrop cable pair.
The Network Layer provides routing, end-to-end security, and transport services. It manages "sessions" for end-to-end
communication with correspondent devices.
The Transport Layer: The Data-Link Layer ensures communications are successfully propagated from one device to
another. The Transport Layer can be used to ensure end-to-end communication is successful.
The Application Layer defines the commands, responses, data types and status reporting supported by the Protocol. In
the Application Layer, the public commands of the protocol are divided into four major groups:
1. Universal Commands - provide functions which must be implemented in all field devices
2. Common Practice Commands - provide functions common to many, but not all field devices
3. Device Specific Commands - provide functions that are unique to a particular field device and are specified by
the device manufacturer
4. Device Family Commands - provide a set of standardized functions for instruments with particular measurement
types, allowing full generic access without using device-specific commands.
HART Commands
The HART Protocol is a master-slave communication protocol which means that during normal operation, each slave (a
field device) communication is initiated by a request (or command) from the master (host) communication device. The
master or host is generally a distributed control, PLC, or PC-based asset management system for example. The slave
device is typically a field measurement device such as pressure, level, temperature, flow or other transmitters.
In order to make certain any HART-enabled device from any supplier can communicate properly and respond to a
command with the correct information, the set and types of commands are defined in the HART Specifications and
implemented in all HART registered devices.
Users need not worry about these commands because they are included in the functions of the host. The specific
capabilities of a device (device specific commands) are available to the host when the host is given the instructions
included in the Device Description (DD) of a specific device.
An important point is that defined device status indications are included with each communication response to the host.
The host then interprets these status indicators and may provide basic device diagnostic information.
The HART Command Set provides uniform and consistent communication for all field devices. Host applications may
implement any of the necessary commands for a particular application. The command set includes three classes:
Universal
All devices using the HART Protocol must recognize and support the universal commands. Universal commands provide
access to information useful in normal operations (e.g., read primary variable and units).
Common Practice commands provide functions implemented by many, but not necessarily all, HART Communication
devices.
Device Specific commands represent functions that are unique to each field device. These commands access setup and
calibration information, as well as information about the construction of the device. Information on Device Specific
commands is available from device manufacturers.

A Partial List of HART Commands:

Universal Commands:
- Read manufacturer and device type
- Read primary variable (PV) and units
- Read current output and percent of range
- Read up to four pre-defined dynamic variables
- Read or write eight-character tag, 16-character descriptor, date
- Read or write 32-character message
- Read device range values, units, and damping time constant
- Read or write final assembly number
- Write polling address

Common Practice Commands:
- Read selection of up to four dynamic variables
- Write damping time constant
- Write device range values
- Calibrate (set zero, set span)
- Set fixed output current
- Perform self-test
- Perform master reset
- Trim PV zero
- Write PV unit
- Trim DAC zero and gain
- Write transfer function (square root/linear)
- Write sensor serial number
- Read or write dynamic variable assignments

Device Specific Commands:
- Read or write low-flow cut-off
- Start, stop, or clear totalizer
- Read or write density calibration factor
- Choose PV (mass, flow, or density)
- Read or write materials or construction information
- Trim sensor calibration
- PID enable
- Write PID set point
- Valve characterization
- Valve set point
- Travel limits
- User units
- Local display information

Highway Addressable Remote Transducer Protocol (HART)
Protocol Information
Type of Network: Device Bus (Process Automation)
Physical Media: Legacy 4-20 mA analog instrumentation wiring or 2.4 GHz Wireless
Network Topology: One-on-One, Multidrop, Wireless Mesh
Maximum Devices: 15 in multidrop
Maximum Speed: Depends on Physical Layer employed
Device Addressing: Hardware/Software
Governing Body: HART Communication Foundation

The HART Communications Protocol (Highway Addressable Remote Transducer Protocol) is an early implementation
of Fieldbus, a digital industrial automation protocol. Its most notable advantage is that it can communicate over legacy
4-20 mA analog instrumentation wiring, sharing the pair of wires used by the older system. According to Emerson,[1] due
to the huge installed base of 4-20 mA systems throughout the world, the HART Protocol is one of the most popular
industrial protocols today. HART protocol has made a good transition protocol for users who were comfortable using the
legacy 4-20 mA signals, but wanted to implement a "smart" protocol. Industries seem to be using Profibus DP/PA and
Foundation fieldbus (also by Rosemount) more as users become familiar with later technology and look to take
advantage of the enhanced diagnostics they can provide.
The protocol was developed by Rosemount Inc., built off the Bell 202 early communications standard, in the mid-1980s
as a proprietary digital communication protocol for their smart field instruments. Soon it evolved into HART. In 1986, it
was made an open protocol. Since then, the capabilities of the protocol have been enhanced by successive revisions to the
specification.
Modes
There are two main operational modes of HART instruments: analog/digital mode, and multidrop mode.
In point-to-point mode (analog/digital) the digital signals are overlaid on the 4-20 mA loop current. Both the 4-20 mA
current and the digital signal are valid output values from the instrument. The polling address of the instrument is set to
"0". Only one instrument can be put on each instrument cable signal pair. One signal, generally specified by the user, is
specified to be the 4-20 mA signal. Other signals are sent digitally on top of the 4-20 mA signal. For example, pressure
can be sent as 4-20 mA, representing a range of pressures, and temperature can be sent digitally over the same wires. In
point-to-point mode, the digital part of the HART protocol can be seen as a kind of digital current loop interface.
In multidrop mode (digital) only the digital signals are used. The analog loop current is fixed at 4 mA. In multidrop mode
it is possible to have more than one instrument on one signal cable. HART revisions 3 through 5 allowed polling
addresses of the instruments to be in the range 1-15. HART 6 and later allowed addresses up to 63. Each instrument needs
to have a unique address.
The HART Packet has the following structure:

Field Name | Length (Bytes) | Purpose
Preamble | 5-20 | Synchronization and Carrier Detect
Start Byte | 1 | Specifies Master Number
Address | 1-5 | Specifies slave, Specifies Master and Indicates Burst Mode
Command | 1 | Numerical Value for the command to be executed
Number of data bytes | 1 | Indicates the size of the Data Field
Status | Master (0) Slave (2) | Execution and Health Reply
Data | 0-253 | Data associated with the command
Checksum | 1 | XOR of all bytes from Start Byte to Last byte of Data

Preamble
Currently all the newer devices implement a 5-byte preamble, since anything greater reduces the communication speed.
However, masters are responsible for backwards support. Master communication to a new device starts with the
maximum preamble length (20 bytes) and is later reduced once the preamble size for the current device is determined.
Start delimiter
This byte contains the Master number and specifies the communication packet is starting.
Address
Specifies the destination address as implemented in one of the HART schemes. The original addressing scheme used
only 4 bits to specify the device address, which limited the number of devices to 16 including the master.
The newer scheme utilizes 38 bits to specify the device address. This address is requested from the device using either
Command 0, or Command 11.
Command
This is a 1-byte numerical value representing which command is to be executed. Command 0 and Command 11 are used
to request the device number.
Number of data bytes
Specifies the number of communication data bytes to follow.
Status
The status field is absent for the master and is two bytes for the slave. This field is used by the slave to inform the master
whether it completed the task and what its current health status is.
Data
Data contained in this field depends on the command to be executed.
Checksum
Checksum is composed of an XOR of all the bytes starting from the start byte and ending with the last byte of the data
field, including those bytes.
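The frame layout and XOR checksum described above, as an added example (not code from these notes or from the HART specification): a Python parser that checks every length field and the checksum before trusting any other field. Assumptions not on the page: 0xFF preamble bytes, start-byte values 0x01/0x02/0x06 with bit 7 marking a 5-byte address, master and burst flags in the top two address bits, and a byte count that includes the two status bytes. All sample frames are constructed.

```python
from dataclasses import dataclass
from functools import reduce

# Assumptions not stated on the page (from the commonly documented wired HART frame):
PREAMBLE_BYTE = 0xFF                      # preamble is a run of 0xFF bytes
FRAME_TYPES = {0x01: "burst", 0x02: "master-to-slave", 0x06: "slave-to-master"}
LONG_ADDRESS_FLAG = 0x80                  # start byte bit 7: 5-byte (38-bit) address


class HartFrameError(ValueError):
    """The byte string is not a well-formed HART frame."""


@dataclass
class HartFrame:
    preamble_len: int
    frame_type: str
    primary_master: bool
    burst_mode: bool
    address: int        # polling address (short frame) or 38-bit address (long frame)
    command: int
    status: bytes       # empty for a master request, 2 bytes from a slave
    data: bytes


def xor_checksum(body: bytes) -> int:
    """XOR of every byte from the start byte through the last data byte."""
    return reduce(lambda acc, b: acc ^ b, body, 0)


def build_frame(delimiter: int, address: bytes, command: int,
                payload: bytes = b"", preamble_len: int = 5) -> bytes:
    """Assemble a frame; payload is status + data for slave frames."""
    body = bytes([delimiter]) + address + bytes([command, len(payload)]) + payload
    return bytes([PREAMBLE_BYTE]) * preamble_len + body + bytes([xor_checksum(body)])


def parse_frame(raw: bytes) -> HartFrame:
    """Validate every length and the checksum before trusting any field."""
    n = 0
    while n < len(raw) and raw[n] == PREAMBLE_BYTE:
        n += 1
    if not 5 <= n <= 20:
        raise HartFrameError(f"preamble of {n} bytes, expected 5-20")
    body = raw[n:]
    if not body:
        raise HartFrameError("frame ends after the preamble")
    delimiter = body[0]
    frame_type = FRAME_TYPES.get(delimiter & 0x07)
    if frame_type is None:
        raise HartFrameError(f"unknown start byte 0x{delimiter:02x}")
    addr_len = 5 if delimiter & LONG_ADDRESS_FLAG else 1
    header_len = 1 + addr_len + 2          # start byte, address, command, byte count
    if len(body) < header_len + 1:
        raise HartFrameError("truncated header")
    addr = body[1:1 + addr_len]
    command, byte_count = body[header_len - 2], body[header_len - 1]
    end = header_len + byte_count          # index of the checksum byte
    if len(body) != end + 1:
        raise HartFrameError(f"byte count {byte_count} does not match frame length")
    if xor_checksum(body[:end]) != body[end]:
        raise HartFrameError("checksum mismatch")
    payload = body[header_len:end]
    # Assumption: the byte count covers the 2 status bytes plus the data in slave frames.
    status_len = 0 if frame_type == "master-to-slave" else 2
    if len(payload) < status_len:
        raise HartFrameError("slave frame too short to hold the status field")
    return HartFrame(
        preamble_len=n,
        frame_type=frame_type,
        primary_master=bool(addr[0] & 0x80),
        burst_mode=bool(addr[0] & 0x40),
        address=int.from_bytes(addr, "big") & ((1 << (8 * addr_len - 2)) - 1),
        command=command,
        status=payload[:status_len],
        data=payload[status_len:],
    )


# Constructed sample frames (not captured traffic).
COMMAND_0_REQUEST = build_frame(0x02, b"\x80", 0)      # primary master, polling address 0
COMMAND_0_REPLY = build_frame(0x06, b"\x80", 0, b"\x00\x00" + b"\xfe\x11\x22\x05")
LONG_REQUEST = build_frame(0x82, bytes([0xA6, 0x06, 0x12, 0x34, 0x56]), 1, preamble_len=20)

if __name__ == "__main__":
    for frame in (COMMAND_0_REQUEST, COMMAND_0_REPLY, LONG_REQUEST):
        print(frame.hex(), parse_frame(frame))
    damaged = bytearray(COMMAND_0_REPLY)
    damaged[-3] ^= 0x01                    # one flipped bit in the data field
    try:
        parse_frame(bytes(damaged))
    except HartFrameError as exc:
        print("rejected:", exc)
```

The checksum only catches transmission errors; it does not authenticate the sender, so a monitoring tool should treat a valid checksum as proof of a clean line, not of a trusted master.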
Fieldbus is the name of a family of industrial computer network protocols used for real-time distributed control,
standardized as IEC 61158.
A complex automated industrial system such as a manufacturing assembly line usually needs a distributed control
system (an organized hierarchy of controller systems) to function. In this hierarchy, there is usually a Human Machine
Interface (HMI) at the top, where an operator can monitor or operate the system. This is typically linked to a middle layer
of programmable logic controllers (PLC) via a non-time-critical communications system (e.g. Ethernet). At the bottom of
the control chain is the fieldbus that links the PLCs to the components that actually do the work, such as sensors,
actuators, electric motors, console lights, switches, valves and contactors.
Description
Fieldbus is an industrial network system for real-time distributed control. It is a way to connect instruments in a
manufacturing plant. Fieldbus works on a network structure which typically allows daisy-chain, star, ring, branch, and
tree network topologies. Previously, computers were connected using RS-232 (serial connections) by which only two
devices could communicate. This would be the equivalent of the currently used 4-20 mA communication scheme which
requires that each device has its own communication point at the controller level, while the fieldbus is the equivalent of
the current LAN-type connections, which require only one communication point at the controller level and allow
multiple (hundreds) of analog and digital points to be connected at the same time. This reduces both the length of the
cable required and the number of cables required. Furthermore, since devices that communicate through fieldbus require
a microprocessor, multiple points are typically provided by the same device. Some fieldbus devices now support control
schemes such as PID control on the device side instead of forcing the controller to do the processing.
History
Bitbus
The oldest commonly used field bus technology is Bitbus. Bitbus was created by Intel Corporation to enhance use of
Multibus systems in industrial systems by separating slow I/O functions from faster memory access. In 1983, Intel created
the 8044 Bitbus microcontroller by adding field bus firmware to its existing 8051 microcontroller. Bitbus uses EIA-485
at the physical layer, with two twisted pairs - one for data and the other for clocking and signals. Use of SDLC at the data
link layer permits 250 nodes on one segment with a total distance of 13.2 km. Bitbus has one master node and multiple
slaves, with slaves only responding to requests from the master. Bitbus does not define routing at the network layer. The
8044 permits only a relatively small data packet (13 bytes), but embeds an efficient set of RAC (remote access and
control) tasks and the ability to develop custom RAC tasks. In 1990, the IEEE adopted Bitbus as the Microcontroller
System Serial Control Bus (IEEE-1118).[1][2]
Today BITBUS is maintained by the BEUG - BITBUS European Users Group.[3]
Standardization
Although fieldbus technology has been around since 1988, with the completion of the ISA S50.02 standard, the
development of the international standard took many years. In 1999, the IEC SC65C/WG6 standards committee met to
resolve differences in the draft IEC fieldbus standard. The result of this meeting was the initial form of the IEC 61158
standard with eight different protocol sets called "Types" as follows:
Type 1 Foundation Fieldbus H1
Type 2 ControlNet
Type 3 PROFIBUS
Type 4 P-Net
Type 5 FOUNDATION fieldbus HSE (High Speed Ethernet)
Type 6 SwiftNet (a protocol developed for Boeing, since withdrawn)
Type 7 WorldFIP
Type 8 Interbus
This form of standard was first developed for the European Common Market, concentrates less on commonality, and
achieves its primary purpose: elimination of restraint of trade between nations. Issues of commonality are now left to
the international consortia that support each of the fieldbus standard types. Almost as soon as it was approved, the IEC
standards development work ceased and the committee was dissolved. A new IEC committee SC65C/MT-9 was formed
to resolve the conflicts in form and substance within the more than 4000 pages of IEC 61158. The work on the above
protocol types is substantially complete. New protocols, such as for safety fieldbuses or real-time Ethernet fieldbuses, are
being accepted into the definition of the international fieldbus standard during a typical 5-year maintenance cycle.
Both Foundation Fieldbus and Profibus technologies are now commonly implemented within the process control field,
both for new developments and major refits. In 2006, China saw the largest FF (Foundation Fieldbus) systems
installations at NanHai and SECCO, each with around 15000 fieldbus devices connected.

IEC 61158 specification
There were many competing technologies for fieldbus and the original hope for one single unified communications
mechanism has not been realized. This should not be unexpected since fieldbus technology needs to be implemented
differently in different applications; automotive fieldbus is functionally different from process plant control. The final
edition of IEC standard IEC 61158 allows 8 technologies. These are some of the hierarchic layers of the automation protocols.
IEC 61158 consists of the following parts, under the general title Digital data communications for measurement and
control - Fieldbus for use in industrial control systems:
Part 1: Overview and guidance for the IEC 61158 series
Part 2: Physical Layer specification and service definition
Part 3: Data Link Service definition
Part 4: Data Link Protocol specification
Part 5: Application Layer Service definition
Part 6: Application Layer Protocol specification
Standards
There are a wide variety of competing fieldbus standards. Some of the most widely used ones include:
AS-Interface
CAN
EtherCAT
FOUNDATION fieldbus
Interbus
LonWorks
Modbus
Profibus
BITBUS
CompoNet
SafetyBUS p
RAPIEnet

See List of automation protocols for more examples.
Cost advantage
The amount of cabling required is much lower in Fieldbus than in 4-20 mA installations. This is because many devices
share the same set of cables in a multi-dropped fashion rather than requiring a dedicated set of cables per device as in the
case of 4-20 mA devices. Moreover, several parameters can be communicated per device in a Fieldbus network whereas
only one parameter can be transmitted on a 4-20 mA connection. Fieldbus also provides a good foundation for the
creation of a predictive and proactive maintenance strategy. The diagnostics available from fieldbus devices can be used
to address issues with devices before they become critical problems.[4]

Networking
With the exception of ARCNET, which was conceived as early as 1975 for office connectivity and later found uses in
industry, the majority of fieldbus standards were developed in the 1980s and became fully established in the marketplace
during the mid-1990s. In the United States, Allen-Bradley developed standards that eventually grew into DeviceNet and
ControlNet; in Europe, Siemens and other manufacturers developed a protocol which evolved into PROFIBUS.
During the 1980s, to solve communication problems between different control systems in cars, the German company
Robert Bosch GmbH first developed the Controller Area Network (CAN). The concept of CAN was that every device
can be connected by a single set of wires, and every device that is connected can freely exchange data with any other
device. CAN soon migrated into the factory automation marketplace (with many others).
Despite each technology sharing the generic name of fieldbus, the various fieldbuses are not readily interchangeable. The
differences between them are so profound that they cannot be easily connected to each other.[5] To understand the
differences among fieldbus standards, it is necessary to understand how fieldbus networks are designed. With reference
to the OSI model, fieldbus standards are determined by the physical media of the cabling, and layers one, two and seven
of the reference model.
For each technology the physical medium and the physical layer standards fully describe, in detail, the implementation of
bit timing, synchronization, encoding/decoding, baud rate, bus length and the physical connection of the transceiver to
the communication wires. The data link layer standard is responsible for fully specifying how messages are assembled
ready for transmission by the physical layer, error handling, message-filtering and bus arbitration and how these
standards are to be implemented in hardware. The application layer standard, in general, defines how the data
communication layers are interfaced to the application that wishes to communicate. It describes message specifications,
network management implementations and response to the request from the application of services. Layers three to six
are not described in fieldbus standards.[6]
Technical committees, with representatives of many different companies, have been responsible for turning the original
specifications into international ISO standards. Bury, among others, reports that work is underway to implement a
common fieldbus protocol.[7] This will entail a common set of application-layer services that can be provided regardless
of the lower-layer implementation details. Although very much in its infancy, it is expected that this protocol may
become reality by 2010. Whether designed for low-level sensor communications or high-level machine connectivity (or
both), a fieldbus is an important enabling technology for an open architecture controller.[8]


Features
Different fieldbuses offer different sets of features and performance. It is difficult to make a general comparison of
fieldbus performance because of fundamental differences in data transfer methodology. In the comparison table below it
is simply noted if the fieldbus in question typically supports data update cycles of 1 millisecond or faster.
Process Fieldbus vs. Device Networks
It should be noted that requirements of fieldbus networks for process automation applications (flowmeters, pressure
transmitters, and other measurement devices and control valves in industries such as hydrocarbon processing and power
generation) are different from the requirements of fieldbus networks found in discrete manufacturing applications such as
automotive manufacturing, where large numbers of discrete sensors are used including motion sensors, position sensors,
and so on. Discrete fieldbus networks are often referred to as "device networks".[9]

Ethernet and Fieldbus
Recently a number of Ethernet-based industrial communication systems have been established, most of them with
extensions for real-time communication. These have the potential to replace the traditional fieldbuses in the long term.
Here is a partial list of the new Ethernet-based industrial communication systems:
AFDX
EtherCAT
EtherNet/IP
Ethernet Powerlink
FOUNDATION HSE
BACnet
PROFINET IO
PROFINET IRT
SafetyNET p
SERCOS III
TTEthernet
VARAN
RAPIEnet
Safety
Fieldbus can be used for systems which must meet safety-relevant standards like IEC 61508 or EN 954-1. Depending on
the actual protocol, fieldbus can provide measures like counters, CRCs, echo, timeout, unique sender and receiver IDs or
cross check. Ethernet/IP and SERCOS III both use the CIP Safety protocol,[10] Ethernet Powerlink uses openSAFETY,
while FOUNDATION Fieldbus and Profibus (PROFIsafe) can address SIL 2 and SIL 3 process safety applications.
In January 2006, the Fieldbus Foundation announced that TÜV Rheinland Industrie Service GmbH, Automation,
Software and Information Technology, a global, independent and accredited testing agency, had granted Protocol Type
Approval for its Safety Specifications. The Foundation Technical Specifications - Safety Instrumented Functions are in
compliance with International Electrotechnical Commission (IEC) 61508 standard (functional safety of
electrical/electronic/programmable electronic safety-related systems) requirements up to, and including, Safety Integrity
Level 3 (SIL 3).[11]

Interchangeability vs Interoperability
Interchangeability is the ability of an object to be replaced by another object without affecting the code that uses it.
This usually requires that the two objects share an interface that is either strictly the same or compatible in the
particular case. See the encapsulation article for detail.
If interoperability is the measure of how well devices can interact, interchangeability is the measure of the degree to
which multiple items are directly substitutive. More simply, if device A and device B are functionally equivalent, they
are interchangeable.
One of the major interests in open solutions is the ability to swap components for those from alternate vendors. This has
the primary benefit of mitigating vendor lock-in, and the secondary benefit of keeping price pressure on all vendors. The
threat of being replaced is typically enough to prevent vendors from substantially jacking up prices.
Customization is the enemy of interchangeability. Features that are narrowly supported in the industry become barriers to
substitution. While vendors are certainly eager to develop and sell these features, the onus is typically on customers to
avoid deploying these features en masse. And the important point here is that it is ubiquity not standards that determines
this.
OpenFlow is by far the hottest standard right now, but there is a lot of space for vendors to claim OpenFlow support.
Forgetting even the difference between OpenFlow 1.0 and 1.3.1, there are multiple capabilities within a single version
that need to be supported equally across vendors for interchangeability to be the case. It is possible, but customers need
to be cognizant of the different levels of support for the standard before they make design decisions if interchangeability
is a desire.
And even when there are not multiple versions of standard, there are instances where standards are not enough to
guarantee interchangeability. In the wireless controller space, one of the potential benefits of CAPWAP was to make it
possible to mix and match, but how many WLAN solutions are interchangeable at the device/AP level?
A more common example: some enterprise networks have adopted Cisco's EIGRP protocol. Network architectures and
surrounding infrastructure have been designed with this protocol in mind, essentially making those Cisco devices
irreplaceable except by other Cisco devices. And even though Cisco has recently opened up the protocol, that doesn't
change the number of commercial-grade alternatives. In effect, users have, by their own design, given up
interchangeability.
I should note that the power of interchangeability is not necessarily in deploying multiple products alongside each other.
Rather the power is in the ability to replace products with alternatives. In the fight against vendor lock-in (read: higher
pricing and inability to switch), it is the threat of replaceability, not interoperability, that makes a difference. Take for
example the laptop and PC market. A company will standardize on a single (or small set of) laptop model. They can
negotiate pricing because it is not all that difficult to change from one vendor to another (from Intel to Dell, or whatever).
The guys at Lenovo know this, so they have to go into the deal willing to negotiate.
So how do you practically navigate the interchangeability waters?

As with interoperability, where you draw the solution boundaries can have a profound impact on the degree to which two
systems are interchangeable. If drawn too narrowly (at the device level, for instance), the fidelity of feature parity must
be extremely high. If drawn more broadly (at the system level, for example), functional equivalence can take many
forms.
In the latter case, one-for-one feature and protocol parity might be less important than broader technology
interchangeability. For example, in any fabric solution, individual nodes are not interchangeable because of the
proprietary fabric protocols. Expanding the boundary to include the system allows interchangeability to be evaluated in
terms of Ethernet and L2 support. In this scenario, interchangeability might actually be achieved despite box-for-box
differences.
So what do I conclude on interoperability and interchangeability?
I think that interchangeability and interoperability are probably the two most common meanings for "open". The extent to
which one, the other, or both are desirable is largely dependent on organizational discipline. I actually think customers
have more power here than vendors, as counter-intuitive as that seems.
Many customers include interchangeability as a reason to buy (sometimes referring to it in the negative as avoiding
vendor lock-in), but having interchangeability as a selection criterion while lacking the will (or budget) to execute a swap
introduces artificial constraints on solution selection. While there might be business reasons to advocate this
position publicly (price pressure on the primary vendor, for instance), customers should be precise, at least internally,
about what really constitutes a purchasing requirement.
Interoperability
Interoperability is the ability to make systems and organizations work together (inter-operate). While the term was
initially defined for information technology or systems engineering services to allow for information exchange,[1] a
broader definition takes into account social, political, and organizational factors that impact system-to-system
performance.[2] It is the task of building coherent services for users when the individual components are technically
different and managed by different organizations.[3]

Syntactic interoperability
If two or more systems are capable of communicating and exchanging data, they are exhibiting syntactic interoperability.
Specified data formats, communication protocols and the like are fundamental. XML or SQL standards are among the
tools of syntactic interoperability. This is also true for lower-level data formats, such as ensuring alphabetical characters
are stored in the same variation of ASCII or a Unicode format (for English or international text) in all the communicating
systems.
Syntactical interoperability is a necessary condition for further interoperability.
Semantic interoperability
Beyond the ability of two or more computer systems to exchange information, semantic interoperability is the ability to
automatically interpret the information exchanged meaningfully and accurately in order to produce useful results as
defined by the end users of both systems. To achieve semantic interoperability, both sides must refer to a common
information exchange reference model. The content of the information exchange requests is unambiguously defined:
what is sent is the same as what is understood. The possibility of promoting this result by user-driven convergence of
disparate interpretations of the same information has been the object of study by research prototypes such as S3DB.
Cross-domain interoperability
Multiple social, organizational, political, legal entities working together for a common interest and/or information
exchange.[4]

Interoperability and open standards
Interoperability must be distinguished from open standards. Although the goal of each is to provide effective and
efficient exchange between computer systems, the mechanisms for accomplishing that goal differ. Open standards imply
interoperability ab-initio, i.e. by definition, while interoperability does not, by itself, imply wider exchange between a
range of products, or similar products from several different vendors, or even between past and future revisions of the
same product. Interoperability may be developed post-facto, as a special measure between two products, while excluding
the rest, or when a vendor is forced to adapt its system to make it interoperable with a dominant system.
Open standards
Open standards rely on a broadly consultative and inclusive group including representatives from vendors, academicians
and others holding a stake in the development, which discusses and debates the technical and economic merits, demerits
and feasibility of a proposed common protocol. After the doubts and reservations of all members are addressed, the
resulting common document is endorsed as a common standard. This document is subsequently released to the public,
and henceforth becomes an open standard. It is usually published and is available freely or at a nominal cost to any and
all comers, with no further encumbrances. Various vendors and individuals (even those who were not part of the original
group) can use the standards document to make products that implement the common protocol defined in the standard,
and are thus interoperable by design, with no specific liability or advantage for any customer for choosing one product
over another on the basis of standardised features. The vendors' products compete on the quality of their implementation,
user interface, ease of use, performance, price, and a host of other factors, while keeping the customer's data intact and
transferable even if the customer chooses to switch to another competing product for business reasons.
Introduction to OLE for Process Control (OPC)
OLE for Process Control (OPC) is the original name for an open standards specification developed in
1996 by an industrial automation industry task force. The standard specifies the communication of
real-time plant data between control devices from different manufacturers. After the initial release, the OPC Foundation
was created to maintain the standard. Since then, standards have been added and names have been changed. Currently
(June 2006), "OPC is a series of standards specifications" (seven current standards and two emerging standards). The
first standard, originally called simply "the OPC Specification", is "now called the Data Access Specification", or (later
on the same page) "OPC Data Access" or "OPC Data Access Specification". OPC is generally understood to stand for
"OLE for Process Control", even though no page on the OPC Foundation website suggests that the letters "OPC" ever
stood for anything, except for some content written by member companies about themselves.






Origin and uses
The OPC Specification was based on the OLE, COM, and DCOM technologies developed by Microsoft for the
Microsoft Windows operating system family. OPC was designed to bridge Windows based applications and process
control hardware and software applications. It is an open standard that permits a consistent method of accessing field data
from plant floor devices. This method remains the same regardless of the type and source of data. OPC servers provide a
method for many different software packages to access data from a process control device, such as a PLC or DCS.
Traditionally, any time a package needed access to data from a device, a custom interface, or driver, had to be written.
The purpose of OPC is to define a common interface that is written once and then reused by any business, SCADA,
HMI, or custom software packages. Once an OPC server is written for a particular device, it can be reused by any
application that is able to act as an OPC client. OPC servers use Microsoft's OLE technology (also known as the
Component Object Model, or COM) to communicate with clients. COM technology permits a standard for real-time
information exchange between software applications and process hardware to be defined.

Development
The OPC Unified Architecture (UA) has been specified and is being tested and implemented through
its Early Adopters program. It can be implemented with Java, Microsoft .NET, or C, eliminating the
need to use a Microsoft Windows based platform of earlier OPC versions. UA combines the
functionality of the existing OPC interfaces with new technologies such as XML and Web Services to
deliver higher level MES and ERP support. It looks to become the standard for exchanging industrial
data, replacing FactoryTalk, Archestra, some Modbus applications, and OPCDA.

















Unit IV
MODBUS AND PROFIBUS PA/DP/FMS AND FF
Modbus
Introduction
Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use
with its programmable logic controllers (PLCs). Simple and robust, it has since become a de facto standard
communication protocol, and it is now a commonly available means of connecting industrial electronic devices.[1] The
main reasons for the use of Modbus in the industrial environment are:
- developed with industrial applications in mind
- openly published and royalty-free
- easy to deploy and maintain
- moves raw bits or words without placing many restrictions on vendors
Modbus enables communication among many (approximately 240) devices connected to the same network, for example
a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to
connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA)
systems. Many of the data types are named from its use in driving relays: a single-bit physical output is called a coil, and
a single-bit physical input is called a discrete input or a contact.
The development and update of Modbus protocols has been managed by the Modbus Organization[2] since April 2004,
when Schneider Electric transferred rights to that organization, signaling a clear commitment to openness.[3]
The Modbus Organization is an association formed of independent users and suppliers of Modbus compliant devices that
seeks to drive the adoption of the Modbus communication protocol suite, and its evolution to address architectures for
distributed automation systems across multiple market segments.[4]
Communication and devices
Each device intended to communicate using Modbus is given a unique address. In serial and MB+ networks, only the
node assigned as the Master may initiate a command. On Ethernet, any device can send out a Modbus command,
although usually only one master device does so. A Modbus command contains the Modbus address of the device it is
intended for. Only the intended device will act on the command, even though other devices might receive it (an exception
is specific broadcastable commands sent to node 0 which are acted on but not acknowledged). All Modbus commands
contain checksum information, to ensure the command arrives undamaged. The basic Modbus commands can instruct an
RTU to change the value in one of its registers, control or read an I/O port, and command the device to send back one or
more values contained in its registers.
There are many modems and gateways that support Modbus, as it is a very simple protocol and often copied. Some of
them were specifically designed for this protocol. Different implementations use wireline, wireless communication, such
as in the ISM band, and even short message service (SMS) or General Packet Radio Service (GPRS). One of the more
common designs of wireless networks makes use of Mesh networking. Typical problems that designers have to
overcome include high latency and timing issues.


Frame format
All Modbus variants choose different frame formats.[1]
Modbus RTU frame format
| Name | Length (bits) | Function |
|---|---|---|
| Start | 28 | At least 3½ character times of silence (mark condition) |
| Address | 8 | Station address |
| Function | 8 | Indicates the function code; e.g., read coils/inputs |
| Data | n × 8 | Data + length will be filled depending on the message type |
| CRC | 16 | Checksum |
| End | 28 | At least 3½ character times of silence between frames |






Modbus ASCII frame format
| Name | Length (char.) | Function |
|---|---|---|
| Start | 1 | Starts with colon ( : ) (ASCII hex value is 0x3A) |
| Address | 2 | Station address |
| Function | 2 | Indicates the function codes like read coils / inputs |
| Data | n | Data + length will be filled depending on the message type |
| LRC | 2 | Checksum |
| End | 2 | Carriage return line feed (CR/LF) pair (ASCII values of 0x0D & 0x0A) |









Modbus TCP frame format
| Name | Length (bytes) | Function |
|---|---|---|
| Transaction identifier | 2 | For synchronization between messages of server & client |
| Protocol identifier | 2 | Zero for Modbus/TCP |
| Length field | 2 | Number of remaining bytes in this frame |
| Unit identifier | 1 | Slave address (255 if not used) |
| Function code | 1 | Function codes as in other variants |
| Data bytes | n | Data as response or commands |
The unit identifier is used with Modbus/TCP devices that are composites of several Modbus devices, e.g. on Modbus/TCP to
Modbus RTU gateways. In such a case, the unit identifier gives the slave address of the device behind the gateway.
Natively Modbus/TCP-capable devices usually ignore the unit identifier.
The byte order is Big-Endian (first byte contains MSB).
Implementations
Almost all implementations have variations from the official standard. Different varieties might not communicate
correctly between equipment of different suppliers. Some of the most common variations are:
Data types
o Floating point IEEE
o 32-bit integer
o 8-bit data
o Mixed data types
o Bit fields in integers
o Multipliers to change data to/from integer. 10, 100, 1000, 256 ...
Protocol extensions
o 16-bit slave addresses
o 32-bit data size (1 address = 32 bits of data returned.)
o Word swapped data
Limitations
- Since Modbus was designed in the late 1970s to communicate to programmable logic controllers, the number of
  data types is limited to those understood by PLCs at the time. Large binary objects are not supported.
- No standard way exists for a node to find the description of a data object, for example, to determine if a register
  value represents a temperature between 30 and 175 degrees.
- Since Modbus is a master/slave protocol, there is no way for a field device to "report by exception" (except over
  Ethernet TCP/IP, called open-mbus); the master node must routinely poll each field device, and look for changes
  in the data. This consumes bandwidth and network time in applications where bandwidth may be expensive, such
  as over a low-bit-rate radio link.
- Modbus is restricted to addressing 247 devices on one data link, which limits the number of field devices that
  may be connected to a master station (once again Ethernet TCP/IP proving the exception).
- Modbus transmissions must be contiguous, which limits the types of remote communications devices to those
  that can buffer data to avoid gaps in the transmission.
- The Modbus protocol itself provides no security against unauthorized commands or interception of data.
Function Field
The Function Code field tells the addressed slave what function to perform.
The following functions are supported by Modbus poll
01 READ COIL STATUS
02 READ INPUT STATUS
03 READ HOLDING REGISTERS
04 READ INPUT REGISTERS
05 WRITE SINGLE COIL
06 WRITE SINGLE REGISTER
15 WRITE MULTIPLE COILS
16 WRITE MULTIPLE REGISTERS
The data field contains the requested or sent data.
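A passive check built on the Modbus/TCP header layout and the function code list above, written as an added example that is not part of the original notes: it validates the header fields and flags write function codes that come from hosts outside an allowlist, since the protocol itself carries no authentication. The host addresses, the allowlist and the sample frames are constructed for illustration, and the 253-byte PDU limit comes from the Modbus specification rather than from this page.

```python
"""Modbus/TCP header validation and write-command flagging (added example)."""
import struct
from dataclasses import dataclass

# Function codes as listed on this page.
READ_FUNCTIONS = {1: "READ COIL STATUS", 2: "READ INPUT STATUS",
                  3: "READ HOLDING REGISTERS", 4: "READ INPUT REGISTERS"}
WRITE_FUNCTIONS = {5: "WRITE SINGLE COIL", 6: "WRITE SINGLE REGISTER",
                   15: "WRITE MULTIPLE COILS", 16: "WRITE MULTIPLE REGISTERS"}
# Length field counts the unit identifier plus a PDU of at most 253 bytes
# (limit taken from the Modbus specification, not from this page).
MAX_LENGTH_FIELD = 254


class MalformedFrame(ValueError):
    """Raised when a buffer does not match the Modbus/TCP frame layout."""


@dataclass(frozen=True)
class ModbusTcpFrame:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_adu(raw: bytes) -> ModbusTcpFrame:
    """Parse one complete Modbus/TCP frame (one frame per buffer is assumed)."""
    if len(raw) < 8:
        raise MalformedFrame("shorter than 7-byte header plus function code")
    # All fields are big-endian: transaction id, protocol id, length, unit id, function.
    tid, proto, length, unit, function = struct.unpack(">HHHBB", raw[:8])
    if proto != 0:
        raise MalformedFrame(f"protocol identifier {proto}, expected 0")
    if not 2 <= length <= MAX_LENGTH_FIELD:
        raise MalformedFrame(f"length field {length} out of range")
    if length != len(raw) - 6:
        raise MalformedFrame(f"length field {length} but {len(raw) - 6} bytes follow")
    return ModbusTcpFrame(tid, unit, function, raw[8:])


def assess(raw: bytes, source: str, write_allowlist: frozenset) -> tuple:
    """Classify one request as (verdict, detail) for a monitoring log."""
    try:
        frame = parse_adu(raw)
    except MalformedFrame as exc:
        return ("malformed", f"{source}: {exc}")
    # Requests for the listed functions start with a 16-bit address.
    address = struct.unpack(">H", frame.data[:2])[0] if len(frame.data) >= 2 else None
    where = f"unit {frame.unit_id}, address {address}"
    if frame.function in READ_FUNCTIONS:
        return ("read", f"{source}: {READ_FUNCTIONS[frame.function]} ({where})")
    if frame.function in WRITE_FUNCTIONS:
        verdict = "write" if source in write_allowlist else "unauthorized-write"
        return (verdict, f"{source}: {WRITE_FUNCTIONS[frame.function]} ({where})")
    return ("unlisted-function", f"{source}: function {frame.function} ({where})")


# Constructed sample data: hosts use documentation address space (192.0.2.0/24).
WRITE_ALLOWLIST = frozenset({"192.0.2.10"})            # hypothetical master station
READ_HOLDING = bytes.fromhex("0001 0000 0006 FF 03 0000 0002")
WRITE_COIL = bytes.fromhex("0002 0000 0006 01 05 000A FF00")
BAD_PROTOCOL = bytes.fromhex("0003 0001 0006 01 03 0000 0001")
TRUNCATED = bytes.fromhex("0004 0000 0006 01 03 0000")
DIAGNOSTIC = bytes.fromhex("0005 0000 0002 01 08")

if __name__ == "__main__":
    samples = [(READ_HOLDING, "192.0.2.50"), (WRITE_COIL, "192.0.2.10"),
               (WRITE_COIL, "192.0.2.50"), (BAD_PROTOCOL, "192.0.2.50"),
               (TRUNCATED, "192.0.2.50"), (DIAGNOSTIC, "192.0.2.50")]
    for raw, source in samples:
        print(*assess(raw, source, WRITE_ALLOWLIST), sep=": ")
```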
Contents of the Error Checking Field
Two kinds of error-checking methods are used for standard Modbus networks. The error checking field contents depend
upon the method that is being used.
ASCII
When ASCII mode is used for character framing, the error-checking field contains two ASCII characters. The error
check characters are the result of a Longitudinal Redundancy Check (LRC) calculation that is performed on the message
contents, exclusive of the beginning colon and terminating CRLF characters.
The LRC characters are appended to the message as the last field preceding the CRLF characters.

RTU
When RTU mode is used for character framing, the error-checking field contains a 16-bit value implemented as two
eight-bit bytes. The error check value is the result of a Cyclical Redundancy Check calculation performed on the message
contents.
The CRC field is appended to the message as the last field in the message. When this is done, the low-order byte of the
field is appended first, followed by the high-order byte. The CRC high-order byte is the last byte to be sent in the
message.




Function 01 (01hex) Read Coils
Reads the ON/OFF status of discrete coils in the slave.
Request
The request message specifies the starting coil and quantity of coils to be read.
Example of a request to read 10...22 (Coil 11 to 23) from slave device address 4:
| Field Name | RTU (hex) | ASCII Characters |
|---|---|---|
| Header | None | : (Colon) |
| Slave Address | 04 | 0 4 |
| Function | 01 | 0 1 |
| Starting Address Hi | 00 | 0 0 |
| Starting Address Lo | 0A | 0 A |
| Quantity of Coils Hi | 00 | 0 0 |
| Quantity of Coils Lo | 0D | 0 D |
| Error Check Lo | DD | LRC (E 4) |
| Error Check Hi | 98 | |
| Trailer | None | CR LF |
| Total Bytes | 8 | 17 |

Response
The coil status response message is packed as one coil per bit of the data field. Status is indicated as: 1 is the value ON,
and 0 is the value OFF. The LSB of the first data byte contains the coil addressed in the request. The other coils follow
toward the high-order end of this byte and from low order to high order in subsequent bytes. If the returned coil quantity
is not a multiple of eight, the remaining bits in the final data byte will be padded with zeroes (toward the high-order end
of the byte). The byte count field specifies the quantity of complete bytes of data.
Example of a response to the request:
| Field Name | RTU (hex) | ASCII Characters |
|---|---|---|
| Header | None | : (Colon) |
| Slave Address | 04 | 0 4 |
| Function | 01 | 0 1 |
| Byte Count | 02 | 0 2 |
| Data (Coils 7...10) | 0A | 0 A |
| Data (Coils 27...20) | 11 | 1 1 |
| Error Check Lo | B3 | LRC (D E) |
| Error Check Hi | 50 | None |
| Trailer | None | CR LF |
| Total Bytes | 7 | 15 |
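The LRC and CRC rules described above can be checked against the Read Coils request and response in the tables. The following is an added example, not part of the original notes: it computes both error checks, builds the RTU and ASCII frames, rejects frames whose check does not match, and unpacks the coil bits of the response. Function names are illustrative.

```python
"""Modbus serial error checks, verified against the Read Coils example frames."""


class FrameError(ValueError):
    """Raised when a received frame fails framing or error-check validation."""


def lrc(message: bytes) -> int:
    """ASCII mode: two's complement of the 8-bit sum of the message bytes."""
    return -sum(message) & 0xFF


def crc16(message: bytes) -> int:
    """RTU mode: CRC-16 with initial value 0xFFFF and reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in message:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def rtu_frame(message: bytes) -> bytes:
    """Append the CRC with the low-order byte first, then the high-order byte."""
    return message + crc16(message).to_bytes(2, "little")


def ascii_frame(message: bytes) -> bytes:
    """Colon, two hex characters per byte including the LRC, then CR LF."""
    body = message + bytes([lrc(message)])
    return b":" + body.hex().upper().encode("ascii") + b"\r\n"


def check_rtu(frame: bytes) -> bytes:
    """Return address + function + data if the trailing CRC matches."""
    if len(frame) < 4:
        raise FrameError("RTU frame too short")
    message, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16(message) != received:
        raise FrameError(f"CRC mismatch: got {received:04X}, want {crc16(message):04X}")
    return message


def check_ascii(frame: bytes) -> bytes:
    """Return address + function + data if framing and LRC are valid."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise FrameError("missing colon or CR LF")
    try:
        raw = bytes.fromhex(frame[1:-2].decode("ascii"))
    except ValueError as exc:
        raise FrameError("non-hex characters in frame") from exc
    if len(raw) < 3:
        raise FrameError("ASCII frame too short")
    if lrc(raw[:-1]) != raw[-1]:
        raise FrameError("LRC mismatch")
    return raw[:-1]


def decode_coils(message: bytes, start: int, quantity: int) -> dict:
    """Unpack a function 01 response: one coil per bit, LSB of first byte first."""
    if len(message) < 3 or message[1] != 0x01:
        raise FrameError("not a Read Coils response")
    byte_count, data = message[2], message[3:]
    if byte_count != len(data) or byte_count != (quantity + 7) // 8:
        raise FrameError("byte count does not match requested quantity")
    return {start + i: bool(data[i // 8] >> (i % 8) & 1) for i in range(quantity)}


# Request and response from the tables above, without their error-check fields.
REQUEST = bytes.fromhex("04 01 00 0A 00 0D")    # slave 4, start 10, 13 coils
RESPONSE = bytes.fromhex("04 01 02 0A 11")      # byte count 2, data 0A 11

if __name__ == "__main__":
    print(rtu_frame(REQUEST).hex(" ").upper(), ascii_frame(REQUEST))
    coils = decode_coils(check_rtu(rtu_frame(RESPONSE)), start=10, quantity=13)
    print("ON:", [address for address, on in coils.items() if on])
```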


Modbus Troubleshooting
This document may help you to solve problems you may encounter when using the Modbus Serial (RTU or ASCII)
protocol with the Engiby driver on a PCD system. Note that a good knowledge of the partner device is necessary to
correctly configure the driver on the PCD.
Typical troubles with the Slave Driver
No communication
In the Slave driver this is indicated by the error Synchro. It means that the Slave driver does not receive any requests
from the Master. First check the cabling (90% of the errors). In RS 232, Tx and Rx must be crossed. In RS 485, don't
cross the wires. The indication Td+ and Td- is not always identical on different devices. Possible labeling for Td+: D,
Tx/Rx+, Tx/Rx-P or A. Possible labeling for Td-: /D, Tx/Rx-, Tx/Rx-N or B. With a long bus cable,
check the end-resistors. The SAIA recommendation for S-Bus networks is also valid for Modbus. Refer to the S-Bus
manual.
Diagnostics errors
Typical reasons are:
- the baudrate or the bit settings are not the same on Master and on the Slaves
- wrong cabling (crossed or missing wires)
- bad ground connection between Master and Slaves
- with RS485, bad or missing termination (pull-up, pull-down, resistors inc. supply; termination resistors)
Synchro error
As explained above, this code is displayed if no request is received by the Slave. This code is also displayed if the
interval of the requests from the master is lower than the adjusted timeout in the Modbus Slave Fbox. If necessary, increase
this timeout.


SASI error
This error indicates that the driver could not take control of the serial line. A typical error is when the same port is already
declared in the Hardware settings as S-Bus PGU port, Modem or Gateway port. Remove any configuration on the port
used by the Modbus Driver. Ensure also that no other part of your program uses the same port. Otherwise, the corresponding
module may be missing, wrongly equipped or defective. Furthermore, the PGU port (COM 0 on most systems) is forced into
PGU mode when a PGU cable is used. On NT-systems check the option Full RS232 handshaking in the device
configurator. Use the option Channel 0 PGU if you want to use it alternatively with PGU and Modbus.
Typical troubles with the Master Driver
No communication
In the Master driver, missing communication is indicated with timeout errors. First check the cabling (90% of the errors).
In RS 232, Tx and Rx must be crossed. In RS 485, don't cross the wires. The indication Td+ and Td- is not always
identical on different devices. Try to exchange Td+ with Td-. With a long bus cable, check the end-resistors. The SAIA
recommendations for S-Bus networks are also valid for Modbus. Refer to the S-Bus manual.
Some slave devices need an activation or a configuration of the Modbus port before you can use it. Check this point with
the manufacturer of the slave device.
Some slaves may have a high sensitivity to inter-character delay in RTU mode. The PCD firmware doesn't guarantee
that this delay is always respected as specified for Modbus. This problem is increased with the use of the Web-server in
the PCD. A special feature (called the 'freeze bit') has been added in the PCD firmware and the Modbus driver. It has given
positive results in all cases till now. You need at least Modbus library version 2.5.027 and FW 1.08.xx on PCD3 (other
systems not yet known).
Diagnostics errors
Typical reasons are:
- the baudrate or the bit settings are not the same on Master and on the Slaves
- wrong cabling (crossed or missing wires)
- bad ground connection between Master and Slaves
- with RS485, bad or missing termination (pull-up, pull-down, resistors inc. supply; termination resistors)
SASI error
Same comments as for the Slave Driver. See comments above.
Some requests remain without response
Some slaves do not support all Modbus functions or have restrictions on the number of requested values.
Check the following:
- You use the correct Modbus function
- The address where you request values is valid for the slave
- The number of requested values is supported by the slave
All these data should be given in the manual of the slave device, else ask the manufacturer.


Error Slave message in the Master Fbox
This error means that the slave refused the request and sent an error message back (also called 'exception response').
Typical causes are:
- The requested address is not valid for the slave.
- The range exceeds the valid address range in the slave.
- A value sent is not accepted by the slave.
Take care with the address offset option (0 or 1). If this option is not correctly set, the address may be shifted by one and be
invalid for the slave.
E.g. address 25 in the master with offset=1 may be understood as address 24 in the slave if the offset 1 is not applied by
the slave. Address 24 may be invalid for the slave.
PROFIBUS:
Introduction
PROFIBUS is not one communication system, but a variety of protocols built on the same field-bus technology bundle.
Users can combine varieties of PROFIBUS protocols with their own software and other requirements, resulting in a
unique application profile. With many profiles available, PROFIBUS can suit specific needs. One thing remains the
same, though. Through thorough testing, PROFIBUS devices meet a high standard of quality befitting a high quality
network.

History
PROFIBUS was born out of a combined push by the German government, German companies, and other industry leaders
in the late 1980s. Their effort created an automation solution that is not only still viable today, but has led to further
solutions. The proud heritage of PROFIBUS allows for many European customers to turn to automation specific to their
needs.
Origin

The Central Association for the Electrical Industry created PROFIBUS. In 1987, 21 companies and institutions in
Germany joined forces to create a new protocol. Their goal was to create a bit-serial Fieldbus system. In order for the
system to be viable, they needed to standardize the field device interface. The group, which had taken the name Central
Association for the Electrical Industry (ZVEI), completed its goal with the creation of PROFIBUS FMS
(Fieldbus Message Specification).

This new protocol satisfied standardization of Industrial Automation through a protocol capable of sending complex
communications. The ZVEI was not finished, though. In 1993, the group introduced a new standard, PROFIBUS DP
(Decentralized Periphery). This new version featured more simplicity, including easier configuration and faster
messaging.

Organizations

PROFIBUS standards are maintained and advanced via a pair of important organizations. In 1989, PROFIBUS
manufacturers and users created the PROFIBUS User Organization (PNO). This group was, and still is, a non-
commercial venture. Members work to advance PROFIBUS through support and education, including publishing
documents that help users satisfy their needs using existing technology.




A larger group was formed in 1995 and named PROFIBUS International, or PI. As the largest Fieldbus user association
in the world, PI is able to undertake many tasks vital to the progression of PROFIBUS. Like the PNO, PI educates users
on PROFIBUS and helps advance its placement throughout the world. The organization goes further, though, by helping
with quality assurance, setting standards, and developing new PROFIBUS technologies.

Overview

PROFIBUS is a smart, field-bus technology. Devices on the system connect to a central line. Once connected, these
devices can communicate information in an efficient manner, but can go beyond automation messages. PROFIBUS
devices can also participate in self-diagnosis and connection diagnosis. At the most basic level, PROFIBUS benefits
from superior design of its OSI layers and basic topology.
OSI Model

PROFIBUS OSI Model
PROFIBUS networks make use of three separate layers of the OSI Network model. First, PROFIBUS describes the
application layer. There are multiple versions of PROFIBUS that handle different types of messaging at the application
layer. Some of the types of messaging PROFIBUS supports include cyclic and acyclic data exchange, diagnosis, alarm-
handling, and isochronous messaging.

PROFIBUS does not define layers three through six. It does, however, define the data link and physical layers, layers one
and two. The data link layer is completed through a Field bus Data Link, or FDL. The FDL system combines two
common schemes, master-slave methodology and token passing. In a master-slave network, masters, usually controllers,
send requests to slaves, sensors and actuators. The slaves respond accordingly. PROFIBUS also includes token passing, a
system in which a token signal is passed between nodes. Only the node with the token can communicate. The token
passing concept is like the speaking conch; only the person with the conch is allowed to talk.

Finally, PROFIBUS defines a physical layer, though it leaves room for flexibility. PROFIBUS systems can have three
types of media. The first is a standard twisted-pair wiring system, in this case RS485. Two more advanced systems are
also available. PROFIBUS systems can now operate using fiber-optic transmission in cases where that is more
appropriate. A safety-enhanced system called Manchester Bus Power, or MBP, is also available in situations where the
chemical environment is prone to explosion.


Topology
PROFIBUS uses the bus topology. In this topology, a central line, or bus, is wired throughout the system. Devices are
attached to this central bus. One bus eliminates the need for a full-length line going from the central controller to each
individual device.

In the past, each PROFIBUS device had to connect directly to the central bus. Technological advancements, however,
have made it possible for a new two-wire system. In this topology, the PROFIBUS central bus can connect to a
ProfiNet Ethernet system. In this way, multiple PROFIBUS busses can connect to each other.

Types of PROFIBUS
PROFIBUS has advanced through a handful of revisions. In some cases, advances have led to a new type of PROFIBUS.
In other cases, new revisions mean different versions of the same type of PROFIBUS. In any case, the variety of
PROFIBUS solutions means the system can be adapted to fit the varying needs of different industries.
PROFIBUS FMS
The initial version of PROFIBUS was PROFIBUS FMS, Fieldbus Message Specification. PROFIBUS FMS was
designed to communicate between Programmable Controllers and PCs, sending complex information between them.
Unfortunately, being the initial effort of PROFIBUS designers, the FMS technology was not as flexible as needed. This
protocol was not appropriate for less complex messages or communication on a wider, more complicated network. New
types of PROFIBUS would satisfy those needs. PROFIBUS FMS is still in use today, though the vast majority of users
find newer solutions to be more appropriate.

PROFIBUS DP
The second type of PROFIBUS is more universal. Called PROFIBUS DP, for Decentralized Periphery, this new protocol
is much simpler and faster. PROFIBUS DP is used in the overwhelming majority of PROFIBUS application profiles in
use today. Application profiles allow users to combine their requirements for a specific solution, and they will be
discussed in more detail shortly. PROFIBUS DP has, itself, three separate versions. Each version, from DP-V0 to DP-V1
and DP-V2, provides newer, more complicated features.
PROFIBUS PA
PROFIBUS PA is a protocol designed for Process Automation. In actuality, PROFIBUS PA is a type of PROFIBUS DP
Application profile. PROFIBUS PA standardizes the process of transmitting measured data. It does hold a very important
unique characteristic, though. PROFIBUS PA was designed specifically for use in hazardous environments.
In most environments, PROFIBUS PA operates over RS485 twisted pair media. This media, along with the PA
application profile supports power over the bus. In explosive environments, though, that power can lead to sparks that
induce explosions. To handle this, PROFIBUS PA can be used with Manchester Bus Powered technology (MBP).

MBP Technology
The MBP media was designed specifically to be used in PROFIBUS PA. It permits transmission of both data and power.
The technology steps the power down, though. A smaller power reduces, or nearly eliminates, the possibility of
explosion. Buses using MBP can reach 1900 meters and can support branches.


Application Profiles

PROFIBUS can be tailored to specific needs using application profiles. There are many profiles that combine standards
for transmission media, communication protocol (FMS, DP-V0, etc), and unique protocols. Each application profile is
tailored to a specific use, and new profiles appear regularly. To list them all would be cumbersome.
Some application profiles are widespread, though. Two examples are PROFIsafe and PROFIdrive.
PROFIsafe

PROFIsafe uses additional software to create a high-integrity network. This network is useful in situations where high
safety is a requirement. For suppliers and manufacturers to be certified in PROFIsafe, they must maintain high standards
in quality.

Quality Assurance
The PROFIBUS User Organization has created a conformance testing program to ensure devices meet high standards. In
this program, a device is sent to an independent laboratory for testing. The device then undergoes a comprehensive series
of tests, including Hardware, Conformity, and Function tests, among others. The test results are documented. When a
device passes all tests, its manufacturer can apply for a conformance certificate. The certificate is valid for three years
and can be renewed with further testing.
PROFIBUS-FMS Communication Model
The PROFIBUS-FMS communication model permits distributed application processes to be unified into a common
process by using communication relationships. That portion of an application process in a field device which can be
reached via communication is called a virtual field device (VFD). Figure 18 shows the relationship between the real field
device and the virtual field device. In this example, only certain variables (i.e., number of units, rate of failure and
downtime) are part of the virtual field device and can be read or written via the two communication relationships.

Virtual field device with object dictionary




Communication Objects and Object Dictionary (OD)
All communication objects of an FMS device are entered in the device's local object dictionary. The object dictionary
can be predefined for simple devices. When complex devices are involved, the object dictionary is configured and loaded
to the device either locally or remotely. The object dictionary contains description, structure and data type, as well as the
relationship between the internal device addresses of the communication objects and their designation on the bus
(index/name). The object dictionary is comprised of the following elements:
Header
Contains information on the structure of the object dictionary

List of static data types
Lists static data types supported

Static object dictionary
Contains all static communication objects

Dynamic list of the variable lists
Lists all known variable lists

Dynamic program list
Lists all known programs
The individual parts of the object dictionary must only be present when the device actually supports these functions.
Static communication objects are entered in the static object dictionary. They can be predefined by the manufacturer of
the device or specified during configuration of the bus system. FMS recognizes five types of communication objects:
- Simple Variable
- Array: series of simple variables of the same type
- Record: series of simple variables of different types
- Domain
- Event
Dynamic communication objects are entered in the dynamic portion of the object dictionary. They can be predefined or
defined, deleted or changed with the FMS services. FMS recognizes two types of dynamic communication objects.
- Program invocation
- Variable list: series of simple variables, arrays or records
Logical addressing is the preferred method of addressing for FMS communication objects. Accessing is performed with
a short address (the index) which is a number of type Unsigned16. Each object has an individual index. As an option, the
objects can also be addressed by name or with their physical address.


Every communication object can be optionally protected against unauthorized access. Access to an object may only be
permitted with a certain password or access may only be permitted for a certain group of devices. Password and device
group can be specified in the object dictionary for each object individually. In addition, permissible services (read-only
accesses) for accessing an object can be restricted.
PROFIBUS Bus Access Protocol
All three PROFIBUS versions (DP, FMS and PA) use a uniform bus access protocol. This protocol is implemented by
layer 2 of the OSI reference model. This also includes data security and the handling of the transmission protocols and
telegrams.
In PROFIBUS, layer 2 is called Fieldbus Data Link (FDL). The Medium Access Control (MAC) specifies the procedure
when a station is permitted to transmit data. The MAC must ensure that only one station has the right to transmit data at a
time. The PROFIBUS protocol has been designed to meet two primary requirements for the Medium Access Control:
- During communication between complex automation systems (master), it must be ensured that each of these stations
  gets sufficient time to execute its communication tasks within a precisely defined time interval.
- Cyclic, real-time data transmission is to be implemented as fast and as simple as possible for communication between a
  complex programmable controller and its assigned simple I/O devices (slaves).
Therefore, the PROFIBUS bus access protocol (see figure 6) includes the token passing procedure which is used by
complex bus stations (master) to communicate with each other, and the master-slave procedure which is used by complex
bus stations to communicate with the simple I/O devices (slaves).

All three PROFIBUS versions use a uniform bus access protocol
The token passing procedure guarantees that the bus access right (the token) is assigned to each master within a
precisely defined time frame. The token message, a special telegram for passing access rights from one master to the next
master must be passed around the logical token ring once to all masters within a prescribed maximum token rotation
time. In PROFIBUS the token passing procedure is only used for communication between complex stations (master).


The master-slave procedure permits the master (the active station) which currently owns the token to access the
assigned slaves (the passive stations). The master can send messages to the slaves or read messages from the slaves. With
this method of access it is possible to implement the following system configurations:
- Pure master-slave system
- Pure master-master system (with token passing)
- A combination of the two
Figure 6 shows a PROFIBUS configuration with three active stations (masters) and seven passive stations (slaves). The
three masters form a logical token ring. When an active station receives the token telegram, it can perform its master role
for a certain period of time. During this time it can communicate with all slave stations in a master-slave communication
relationship and with all master stations in a master-master communication relationship.
A token ring is the organizational chain of active stations which form a logical ring based on their station addresses. In
this ring the token (bus access right) is passed from one master to the next in a specified order (increasing addresses).
In the start-up phase of the bus system, the task of the medium access control (MAC) of the active stations is to detect
this logical assignment and to establish the token ring. In the operational phase, defective or switched-off (active)
stations must be removed from the ring and new active stations can be added to the ring. In addition, the bus access
control ensures that the token is passed from one master to the next in order of increasing addresses. The actual token
hold time of a master depends on the configured token rotation time. In addition, the detection of defects on the
transmission medium and on the line receiver, as well as the detection of errors in station addressing (e.g., multiple
addresses assigned) or in token passing (e.g., multiple tokens or token loss), are characteristic features of the PROFIBUS
medium access control.
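The ring maintenance described above, as an added sketch that is not part of the original notes: masters are ordered by station address, the token moves to the next higher address and wraps around, a master that does not answer is dropped, and duplicate addresses are rejected. The class and function names, the 50 ms target rotation time, the 1 ms token telegram time and the station addresses are assumptions; the hold time is modelled as target rotation time minus measured rotation time.

```python
"""Model of the PROFIBUS logical token ring (illustrative, not a protocol stack)."""


class TokenRing:
    def __init__(self, master_addresses, target_rotation_ms):
        addresses = list(master_addresses)
        dupes = sorted({a for a in addresses if addresses.count(a) > 1})
        if dupes:
            # Several stations on one address is an error the MAC has to detect.
            raise ValueError(f"duplicate station addresses: {dupes}")
        self.ring = sorted(addresses)        # logical ring: increasing addresses
        self.target_rotation_ms = target_rotation_ms
        self.holder = self.ring[0]           # assumption: lowest address starts
        self.last_arrival = {}               # master -> time the token last arrived

    def successor(self, address):
        """Next master in increasing address order, wrapping to the lowest."""
        higher = [a for a in self.ring if a > address]
        return higher[0] if higher else self.ring[0]

    def add(self, address):
        """Admit a new active station, keeping the ring ordered."""
        if address in self.ring:
            raise ValueError(f"address {address} is already in the ring")
        self.ring = sorted(self.ring + [address])

    def hold_time(self, master, now_ms):
        """Time the master may keep the token on this visit, never negative."""
        previous = self.last_arrival.get(master)
        self.last_arrival[master] = now_ms
        if previous is None:
            return self.target_rotation_ms   # first visit: full budget
        measured_rotation = now_ms - previous
        return max(0, self.target_rotation_ms - measured_rotation)

    def pass_token(self, alive):
        """Hand the token to the next master that answers; drop those that do not."""
        candidate = self.successor(self.holder)
        while candidate != self.holder and candidate not in alive:
            dead = candidate
            candidate = self.successor(dead)
            self.ring.remove(dead)           # defective or switched-off station
        self.holder = candidate
        return candidate


def simulate(ring, alive, steps, wanted_ms):
    """Pass the token `steps` times; returns (master, hold_time, time_used) tuples.

    wanted_ms maps each master to the bus time it would like per token visit.
    """
    now, trace = 0, []
    for _ in range(steps):
        master = ring.holder
        hold = ring.hold_time(master, now)
        used = min(hold, wanted_ms.get(master, 0))
        trace.append((master, hold, used))
        now += used + 1                      # assumption: token telegram takes 1 ms
        ring.pass_token(alive)
    return trace


if __name__ == "__main__":
    # Constructed scenario: three masters, each wanting 30 ms of a 50 ms rotation.
    demo = TokenRing([7, 2, 5], target_rotation_ms=50)
    for row in simulate(demo, {2, 5, 7}, 6, {2: 30, 5: 30, 7: 30}):
        print(row)
```

With three masters each asking for 30 ms, the second rotation leaves masters 2 and 5 no hold time at all, which is how the rotation bound is kept.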
Service Function DP PA FMS
SDA Send Data with Acknowledge
SRD Send and Request Data with reply
SDN Send Data with No acknowledge
CSRD Cyclic Send and Request Data with reply

Services of the PROFIBUS data security layer (layer 2)
Another important task of layer 2 is data security. PROFIBUS layer 2 frame formats ensure high data integrity. All
telegrams have Hamming Distance HD=4. This is achieved by using special start and end delimiters, slip-free
synchronization and a parity bit for each octet, as defined in the international standard IEC 870-5-1.
PROFIBUS layer 2 operates in a connectionless mode. In addition to logical peer-to-peer data transmission, it provides
multi-peer communication (Broadcast and Multicast).
Broadcast communication means that an active station sends an unacknowledged message to all other stations (master
and slaves).

Multicast communication means that an active station sends an unacknowledged message to a predetermined group of
stations (master and slaves).
In PROFIBUS-FMS, DP and PA an individual subset of layer-2 services is used. See table 7. The services are called via
service access points (SAPs) of layer 2 by the higher layers. In PROFIBUS-FMS these service access points are used to
address the logical communication relationships. In PROFIBUS-DP and PA a precisely defined function is assigned to
each service access point. Several service access points can be used simultaneously for all active and passive stations. A
distinction is made between source (SSAP) and destination service access points (DSAP).
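How the layer-2 integrity checks and the service access points fit together on the wire, as an added example that is not part of the original notes. It handles only the variable-length telegram type; the delimiter values (0x68, 0x16), the 11-bit character with even parity, the sum-based frame check sequence and the SAP flag in the top address bit come from the PROFIBUS FDL telegram definition rather than from this page, and the addresses, function code and SAP numbers in the sample are constructed.

```python
"""Integrity checks on a PROFIBUS FDL variable-length telegram (illustrative)."""

SD2, ED = 0x68, 0x16      # start and end delimiter of the variable-length telegram
SAP_FLAG = 0x80           # top bit of DA/SA set: a DSAP/SSAP octet follows FC


class TelegramError(ValueError):
    pass


def to_uart(octet):
    """One octet as an 11-bit character: start, 8 data bits (LSB first), even parity, stop."""
    data = [(octet >> i) & 1 for i in range(8)]
    return [0] + data + [sum(data) % 2] + [1]


def from_uart(bits):
    """Recover the octet, rejecting framing and parity errors."""
    if len(bits) != 11 or bits[0] != 0 or bits[10] != 1:
        raise TelegramError("framing error")
    data = bits[1:9]
    if sum(data) % 2 != bits[9]:
        raise TelegramError("parity error")
    return sum(bit << i for i, bit in enumerate(data))


def build_sd2(da, sa, fc, data=b"", dsap=None, ssap=None):
    """SD2 LE LEr SD2 DA SA FC [DSAP] [SSAP] data FCS ED."""
    saps = bytearray()
    if dsap is not None:
        da |= SAP_FLAG
        saps.append(dsap)
    if ssap is not None:
        sa |= SAP_FLAG
        saps.append(ssap)
    body = bytes([da, sa, fc]) + bytes(saps) + bytes(data)
    if len(body) > 249:
        raise TelegramError("data unit too long for one telegram")
    fcs = sum(body) & 0xFF                  # arithmetic sum of DA..data, modulo 256
    return bytes([SD2, len(body), len(body), SD2]) + body + bytes([fcs, ED])


def parse_sd2(frame):
    """Validate delimiters, repeated length and FCS, then split out the SAPs."""
    if len(frame) < 9 or frame[0] != SD2 or frame[3] != SD2:
        raise TelegramError("bad start delimiter")
    length = frame[1]
    if frame[2] != length:
        raise TelegramError("length octets differ")
    if len(frame) != length + 6:
        raise TelegramError("length mismatch")
    if frame[-1] != ED:
        raise TelegramError("bad end delimiter")
    body = frame[4:4 + length]
    if sum(body) & 0xFF != frame[-2]:
        raise TelegramError("frame check sequence mismatch")
    da, sa, fc, unit = body[0], body[1], body[2], body[3:]
    dsap = ssap = None
    if da & SAP_FLAG:
        if not unit:
            raise TelegramError("missing DSAP octet")
        dsap, unit = unit[0], unit[1:]
    if sa & SAP_FLAG:
        if not unit:
            raise TelegramError("missing SSAP octet")
        ssap, unit = unit[0], unit[1:]
    return {"da": da & 0x7F, "sa": sa & 0x7F, "fc": fc,
            "dsap": dsap, "ssap": ssap, "data": bytes(unit)}


def receive(characters):
    """Character layer first (parity per octet), then the telegram layer."""
    return parse_sd2(bytes(from_uart(c) for c in characters))


def verdict(characters):
    try:
        receive(characters)
        return "ok"
    except TelegramError as error:
        return str(error)


# Constructed sample: station 2 addresses station 5 through constructed SAP numbers.
SAMPLE = build_sd2(da=5, sa=2, fc=0x6D, dsap=0x3C, ssap=0x3E)

if __name__ == "__main__":
    clean = [to_uart(b) for b in SAMPLE]
    print(SAMPLE.hex(), verdict(clean))
    one_bit = [to_uart(b) for b in SAMPLE]
    one_bit[6][3] ^= 1                      # single bit error: caught by parity
    print(verdict(one_bit))
    two_bits = [to_uart(b) for b in SAMPLE]
    two_bits[6][1] ^= 1                     # two errors in one octet pass parity ...
    two_bits[6][2] ^= 1
    print(verdict(two_bits))                # ... and are caught by the FCS
```

These checks protect against transmission errors only; nothing in the telegram authenticates the sending station.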

Unit V
INDUSTRIAL ETHERNET AND WIRELESS COMMUNICATION
Industrial Ethernet

Industrial Ethernet switch
Industrial Ethernet (IE) refers to the use of standard Ethernet protocols with rugged connectors and extended
temperature switches in an industrial environment, for automation or process control. Components used in plant process
areas must be designed to work in harsh environments of temperature extremes, humidity, and vibration that exceed the
ranges for information technology equipment intended for installation in controlled environments.
The use of fiber Ethernet reduces the problems of electrical noise and provides electrical isolation to prevent equipment
damage. Some industrial networks emphasized deterministic delivery of transmitted data, whereas Ethernet used
collision detection which made transport time for individual data packets difficult to estimate with increasing network
traffic. Typically, industrial uses of Ethernet employ full-duplex standards and other methods so that collisions do not
unacceptably influence transmission times.
Application environment
While industrial Ethernet systems use the same protocols as Ethernet applied to office automation, industrial plant use
requires consideration of the environment in which the equipment must operate. Plant-floor equipment must tolerate a
wider range of temperature, vibration, and electrical noise than equipment installed in dedicated information-technology
areas. Since closed-loop process control may rely on an Ethernet link, economic cost of interruptions may be high and
availability is therefore an essential criterion. Industrial Ethernet networks must interoperate with both current and legacy
systems, and must provide predictable performance and maintainability. In addition to physical compatibility and low-
level transport protocols, a practical industrial Ethernet system must also provide interoperability of higher levels of the
OSI model. An industrial network must provide security both from intrusions from outside the plant, and from
inadvertent or unauthorized use within the plant.[1]
Industrial networks often use network switches to segment a large system into logical sub-networks, divided by address,
protocol, or application. Using network switches allows the network to be broken up into many small collision domains.
This reduces the risk of a faulty or mis-configured device generating excess network traffic. When an industrial network
must connect to an office network or external networks, a firewall system can be inserted to control exchange of data
between the networks. To preserve the performance and reliability of the industrial network, general office automation
systems are separated from the network used for control or I/O devices.

Advantages and difficulties
PLCs (programmable logic controllers) communicate using one of several possible open or proprietary protocols, such as
Modbus, Sinec H1, Profibus, CANopen, DeviceNet or FOUNDATION Fieldbus. Using standard Ethernet
makes these systems more interoperable.
Some of the advantages over other types of industrial network are:
- Increased speed, up from 9.6 kbit/s with RS-232 to 1 Gbit/s with Gigabit Ethernet over Cat5e/Cat6 cables or
optical fiber
- Increased distance
- Ability to use standard access points, routers, switches, hubs, cables and optical fiber
- Ability to have more than two nodes on a link, which was possible with RS-485 but not with RS-232
- Peer-to-peer architectures may replace master-slave ones
- Better interoperability
Difficulties of using Industrial Ethernet include:
- Migrating existing systems to a new protocol
- Real-time uses may suffer for protocols using TCP
- Managing a whole TCP/IP stack is more complex than just receiving serial data
- The minimum Ethernet frame size is 64 bytes, while typical industrial communication data sizes can be closer to
18 bytes. This protocol overhead affects data transmission efficiency.
Radio link
A radio repeater is a combination of a radio receiver and a radio transmitter that receives a weak or low-level signal and
retransmits it at a higher level or higher power, so that the signal can cover longer distances without degradation.
In dispatching, amateur radio, and emergency services communications, repeaters are used extensively to relay radio
signals across a wider area. With most emergency (and some other) dispatching systems, the repeater is synonymous
with the base station, which performs both functions. This includes police, fire brigade, ambulance, taxicab, tow truck,
and other services. The General Mobile Radio Service in the United States and UHF CB service in Australia also use
repeaters in much the same fashion as amateur radio operators do.

For decades, cross-band repeaters have been used as fixed links. The links can be used for remote control of base stations
at distant sites or to send audio from a diversity (voting) receiver site back to the diversity combining system (voting
comparator). Some legacy links occur in the US 150-170 MHz band. US Federal Communications Commission rule
changes did not allow 150 MHz links after the 1970s. Newer links are more often seen on 72-76 MHz (Mid-band), 450-
470 MHz interstitial channels, or 900 MHz links. These links, known as fixed stations in US licensing, typically connect
an equipment site with a dispatching office.


The Components

The following diagram illustrates the major components of a two-way radio system. The diagram shows a typical wide area
network.



Typical Network Component
In a typical configuration, a wide area radio network consists of 3 major components:
- Switching system
- Base Stations
- Radio Terminal

Note that the above configuration applies to a wide area radio network. A single-site radio network typically has
no centralized switching system. Its switching function, commonly known as the controller, resides in the same physical
location as the base station. Thus, a single-site radio network consists of:
- Base station or site repeater (which includes site controller)
- Radio Terminal
Radio Terminal
Also known as: Subscribers Unit, Radio Unit, Mobile Station, Portable Radio, Mobile Radio, Fixed-Station Radio
This is the device through which the user communicates and interfaces with the network. End-users will see these
devices far more often than the radio infrastructure itself. Thus, the ergonomics and performance of the radio terminal
(i.e. size, weight, battery life, user interface and ease of use) play an important role in end-users' acceptance of the
radio system.


In general, radio terminals can be classified into:
Portable Radio
This is the device that users can carry while on the move. Since users carry this device most of the time, the
ergonomics of a portable radio (i.e. size and weight) are among the most important factors for users. However, size,
weight and battery life are, among others, factors that limit the performance of the radio unit. Portable radios
usually have lower power output than mobile or fixed-station radios because of these limiting factors. Thus, the range
of a portable radio is typically smaller than that of a mobile or fixed-station radio. In many cases, a portable radio
with higher power comes in a bigger form factor. There is usually a trade-off between the size of the portable and its
power output: either a smaller form factor with lower power, or higher power with a bigger form factor.
Mobile Radio
This is the device that is permanently installed in a vehicle. A mobile radio is bigger and heavier than a portable
radio, but this usually does not matter to the user because the mobile radio is permanently fixed
in the vehicle (i.e. users do not have to carry it). Typically, a mobile radio has higher power output
than a portable radio because its form factor leaves room for the components needed to produce higher power and
because battery life is not an issue (it is powered from the vehicle battery). Thus, the range of a mobile radio is
usually greater than that of a portable radio.
Fixed-Station Radio
This device is usually installed in a fixed location such as a branch office or a field post. Typically, a
fixed-station radio is a mobile radio with a power supply, an external microphone or speaker and a better antenna
system (such as a directional antenna). Thus, the range of a fixed-station radio is greater than that of mobile and
portable radios.
Base Station or Repeater
Also known as: Site repeater, RF Repeater, Site
This is a network component that provides RF coverage in a radio network. In a typical configuration, a base station can
consist of RF repeater(s), controller(s), an antenna distribution system (i.e. duplexer, combiner, etc.) and a power supply.
In the traditional two-way radio world, the term Base Station also refers to a fixed station that receives a signal but
does not re-broadcast the signal to other radio users in the system. This configuration allows an operator, commonly known
as the dispatcher, sitting in the office to communicate with the radio terminals in the field. The term Repeater
refers to a transceiver that receives a signal and re-transmits it at the same time. The primary purpose of repeaters is to
extend coverage. The main difference between a base station and a repeater is that a repeater repeats a signal that it
receives; a base station doesn't.
Nowadays, the terms Base Station and Repeater are often used interchangeably to refer to the network component that
provides RF coverage.
In one radio network, there can be multiple base stations or repeaters to provide necessary coverage. In a wide area
configuration, these base stations are connected to a central switch that manages the entire network. The connection from
the base stations to switch is called a Site Link.

Switching System or Controller
Also known as: Central controller, central switch, Mobile Switching Office (MSO)
This is a network component that manages the entire network. The switching system, for example, manages the traffic in
and out and routes the communication to and from base stations. The switching system is the brain of the network, without
which the network will not be able to handle wide area network calls.
In a typical configuration, a switching system can consist of multiple devices or pieces of equipment, each handling a
specific function. For example, one handles the routing of the calls while another handles interaction with
base stations. More often than not, these devices are placed in rack(s) or cabinet(s). Depending on the
complexity of the network, the switching system can have from one to tens of racks.
Mobile Switching Office (MSO)
Also known as: Switching system, Controller, Central controller, central switch
This refers to the physical location where all of the network switching or controller equipment is placed. The term is
derived from cellular networks, where it is the common term for the switching system. Since the switching system is
located in one physical location, the generic term is Mobile Switching Office (MSO), with the word "office" added to
emphasize a location that accommodates the various equipment of the switch.
In two-way radio, this term is sometimes also used to refer to the radio switching system, especially for radio networks
with a complex switching system. A digital trunked radio system like iDEN, for example, has an architecture similar to a
cellular system. Its switching system is as complex as that of a cellular system. Thus, the iDEN switching system is
sometimes referred to as the iDEN MSO.
Site Link
This is a facility to connect base station(s) to the switching system. Depending on the technology and products, a site
link can be E1, partial E1, microwave, 4W, a fiber-optic network or any other means of connecting a base station to its
switching system with the necessary bandwidth and performance. In many radio network installations, site link(s) can be
leased from a telecom provider (e.g. an E1 line) or owned by the organization (e.g. microwave). A leased line will
typically incur a monthly recurring cost but has lower maintenance cost, while a privately owned link needs higher
capital expenditure to buy the equipment, plus maintenance expenses, but the organization does not need to pay a monthly
subscription as it would for a leased line.
There are several discussions on the use of satellite as a site link. The long delay of a satellite link is one of the
main factors that need to be considered for two-way radio network implementation, especially for group call type of
communication. The use of satellite links for two-way radio is discussed in the Advanced Topics.
Antenna System
This is a device connected to the base station / repeater to propagate the Radio Frequency (RF) energy. The antenna
system plays an important role in determining the efficiency of converting electrical energy into RF energy, and thus
determines the area of coverage.
There are several antenna configurations to meet various conditions and terrain.

Typical antenna parameters are:
- Frequency Band: This is the range of the band that the antenna will operate in (i.e. 806-870 MHz). This only
means that the antenna will operate within this band. It does not necessarily mean that the antenna will
operate over the entire band.
- Bandwidth: The maximum frequency separation over which this antenna will operate within the frequency band.
- Gain: Antenna gain is proportional to the product of directivity and the antenna's efficiency. Directivity is a
measure of how an antenna focuses energy. The antenna's efficiency accounts for loss associated with the antenna. Gain
is achieved in an antenna by re-directing energy from some directions into the desired directions. The higher the
gain of the antenna, the further the coverage obtained. However, a higher gain antenna typically means higher
cost.
- Radiation Pattern: In two-way radio, antennas are usually either uni-directional or omni-directional.
The names reflect the radiation pattern produced by each type of antenna.
- Maximum Input Power: Look for an antenna whose maximum input power rating is greater
than the RF power output rating of the transmitter(s).
- VSWR (Voltage Standing Wave Ratio): A high VSWR implies a large
amount of reflected power. This means that the amount of forward power is less. Therefore, the higher the
VSWR, the less efficient the antenna.
- Length: This refers to the physical length of the antenna. A long antenna is cumbersome to ship, store or
install.
- Wind Loading: In windy areas, the load of the wind on the antenna must be taken into account.

Dispatcher or Console System
This is a network sub-system where an operator, commonly known as the dispatcher, interfaces with the network to monitor
users' activities and communicate with users in the field. The dispatcher acts as the central focus of most two-way
radio systems and usually has more powerful features that allow the dispatcher operator to effectively monitor and manage
the users in the field. The dispatcher is usually located at the organization's control center (also known as: Command
and Control room or Monitor room).
In a traditional two-way radio system, the console or dispatcher system has various buttons and LEDs to facilitate
monitoring and managing various talk groups. In a modern two-way radio system, these buttons and LEDs are replaced with a
Personal Computer equipped with a specialized Digital Sound Processing (DSP) card and other specialized equipment to
facilitate monitoring and managing users effectively. Many dispatcher and console systems have a Graphical User Interface
(GUI) for ease of use.
Network Management System
This is a network sub-system to monitor and manage all related components in the entire network. Depending on the
products, a Network Management System can vary in terms of functionality and performance. An industry-standard
network management system that follows the Open System Interconnection (OSI) reference model will have, at least, the
following management functions, known as FCAPS:

- Fault management
- Configuration management
- Accounting management
- Performance management, and
- Security management
In a modern two-way radio system, the Network Management System uses a computerized system, such as a Personal
Computer with specialized hardware and software, to perform the function. The use of a Personal Computer with a Graphical
User Interface (GUI) makes it easier for the network manager to monitor and manage the network.
Area of Coverage
Area of coverage indicates the area where the radio terminals have a usable signal (uplink and downlink) to use the radio
network. A usable signal means an acceptable signal level that allows the user to communicate. A term that is often used
for area of coverage is coverage reliability. A 95% coverage reliability means that there is a 95% chance that the user
will have an acceptable signal level in a particular area of coverage. The higher the number, the better the coverage,
but it usually comes with higher cost due to the need to build more base station or repeater sites.
Radio Modems for Data Applications
INTRODUCTION to RTcom™ Radio Modems
We have a wide and diverse customer base using our RTcom™ modems. But what makes them so popular, you may ask!
The answer is the unique RTcom™ protocol used by the modem for its on-air communications. This protocol is so code
efficient that it permits real time data transfers without any significant delay. In fact the transmit to receive
acknowledge is often as little as 3ms, making the link transparent to the sending terminal as if it were over cable!
Radio Modems for point to point data links:

With the RTCom's basically what goes in comes out! There are versions offering communications over distances of just
a 100 meters to over 50Km, at data rates from 1200baud to 57,600Kbps, with full support for 7 or 8 bit ASCII, 1 or 2
stop bits and even or odd parity!
Wire Free Broadcast, Multi-Drop Systems, wire free bus bridges:
The transparency of the RTcom™ protocol and the minimal latency make it practical to set up "star" multi-drop
broadcast networks where a single radio modem is connected to the master and slaves are each connected to their own
modem or share a modem using RS485 or RS422 local bus.

Effectively the ether becomes the cable, with the master modem connected to it, and the slaves hang off the
cable (ether) as before! The broadcast comes from the master and the slave with the matching address responds.
Radio Modems for Industry: With RS485 and RS422:
Interfaces: TTL, RS232, RS422 and or 4-wire RS485 are supported. Custom interface standards are also available to
special order. RS422 and RS485 interfaces are very common in industry and are valued for their ability to operate over
long distances and for supporting multi-drop access. (more than one modem or device shares the same cable).
Our Radio Modems such as the Global, Universal and Outback all feature RS232 + RS422 and RS485 interfaces as
standard. This makes these units ideal for networking with PLC's and other similar industrial devices. They also include
internal links that permit selection of 2 or 4-wire operation, a rarity these days!
The universal modem operates at up to 57,600bps over distances of up to 300m, whilst the global 10mW up to 3km and
the Global G500 (500mW) up to 30Km.
Half Duplex vs Full Duplex and Buffered Communications
Half duplex communications is the mainstay of professional industrial communications systems. It is used by PLC's and
on scanning telemetry alike. Half duplex communications is where the sending station sends and receives a message over
a single radio channel or cable. The sequence is as follows:-
[01010101]:[address]:[message]:[CRC]....turnaround delay......[101010101]:[reply address]:[reply message]:[CRC]
With full duplex operation the system normally requires two channels to communicate: in the case of cabled systems,
a second cable pair or a second modulated carrier, and in the case of radio systems, a second radio channel normally
spaced at least 10MHz away from the sending carrier. In theory full duplex communications offers many advantages of
speed over half duplex. However, the improvements are often marginal, in particular if packets of data are small. This is
because the reply still cannot be generated until the outgoing message is complete and checked for errors.

[01010101]:[address]:[message]:[CRC]....<1ms delay....[101010101]:[reply address]:[reply message]:[CRC]
In cases of high noise the NAK can be sent quicker to request another packet. But in general most links are operated over
conditions with a SINAD of better than 20dB. The only saving can be in turnaround time! In our case something that
can be as little as 15ms!
Fake full duplex or buffered systems can be supplied where the data is loaded into a buffer at the sending end. The
message is then sent over the radio channel and loaded into a buffer at the other end. Finally it is downloaded into the
remote terminal. This type of system is very slow and has the major problem of an indeterminate time for reply due
to the buffering effect. It is only suitable for a very limited number of applications.
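The half-duplex poll and reply sequence and the multi-drop addressing described above, as an added example that is not from the original notes or from the modem vendor. The one-octet address, the CRC-16/CCITT variant and all names and sample values are assumptions, since the text shows only the field order [01010101]:[address]:[message]:[CRC].

```python
"""Half-duplex multi-drop polling with the frame layout shown above (illustrative)."""
import binascii

PREAMBLE = 0x55           # the 01010101 pattern that opens a frame


def crc16(data):
    # Assumption: CRC-16/CCITT with initial value 0xFFFF; the notes do not name the CRC.
    return binascii.crc_hqx(data, 0xFFFF)


def encode(address, message):
    """[preamble][address][message][CRC]; the CRC covers address and message."""
    body = bytes([address]) + message
    return bytes([PREAMBLE]) + body + crc16(body).to_bytes(2, "big")


def decode(frame):
    """Return (address, message), or None when the frame is damaged."""
    if len(frame) < 4 or frame[0] != PREAMBLE:
        return None
    body, received = frame[1:-2], int.from_bytes(frame[-2:], "big")
    if crc16(body) != received:
        return None
    return body[0], body[1:]


class Slave:
    def __init__(self, address, value):
        self.address, self.value = address, value

    def on_frame(self, frame):
        """Reply only to an intact frame that carries this station's address."""
        decoded = decode(frame)
        if decoded is None or decoded[0] != self.address:
            return None                   # stay silent: the channel is shared
        return encode(self.address, self.value)


def poll(slaves, address, message, corrupt=lambda frame, attempt: frame, retries=2):
    """Master side: send the poll, then listen; retry when nobody answers.

    corrupt(frame, attempt) models the radio channel. Returns (reply, attempts).
    """
    for attempt in range(1, retries + 2):
        on_air = corrupt(encode(address, message), attempt)
        # Every slave hears the same transmission; at most one should answer.
        replies = [r for r in (s.on_frame(on_air) for s in slaves) if r is not None]
        for reply in replies:
            decoded = decode(reply)
            if decoded is not None and decoded[0] == address:
                return decoded[1], attempt
    return None, retries + 1


def noisy_once(frame, attempt):
    """Constructed channel fault: one bit of the first transmission is flipped."""
    if attempt != 1:
        return frame
    damaged = bytearray(frame)
    damaged[2] ^= 0x04
    return bytes(damaged)


# Constructed stations and readings.
SLAVES = [Slave(1, b"21.5C"), Slave(2, b"OPEN"), Slave(3, b"7.2bar")]

if __name__ == "__main__":
    print(poll(SLAVES, 2, b"READ"))                      # clean channel
    print(poll(SLAVES, 2, b"READ", corrupt=noisy_once))  # first poll lost to noise
    print(poll(SLAVES, 9, b"READ"))                      # no such station
```

A damaged poll produces silence rather than a NAK here, so the master's retry count bounds the reply time, which is the determinism the buffered systems described above lose.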
Radio spectrum
Radio spectrum refers to the part of the electromagnetic spectrum corresponding to radio frequencies, that is,
frequencies lower than around 300 GHz (or, equivalently, wavelengths longer than about 1 mm). Electromagnetic waves
in this frequency range, called radio waves, are used for radio communication and various other applications, such as
heating. The generation of radio waves is strictly regulated by the government in most countries, coordinated by an
international standards body called the International Telecommunications Union (ITU). Different parts of the radio
spectrum are allocated for different radio transmission technologies and applications. In some cases, parts of the radio
spectrum are sold or licensed to operators of private radio transmission services (for example, cellular telephone
operators or broadcast television stations). Ranges of allocated frequencies are often referred to by their provisioned
use (for example, cellular spectrum or television spectrum).[1]

By frequency
A band is a small section of the spectrum of radio communication frequencies, in which channels are usually used or set
aside for the same purpose.
Above 300 GHz, the absorption of electromagnetic radiation by Earth's atmosphere is so great that the atmosphere is
effectively opaque, until it becomes transparent again in the near-infrared and optical window frequency ranges.
To prevent interference and allow for efficient use of the radio spectrum, similar services are allocated in bands. For
example, broadcasting, mobile radio, or navigation devices, will be allocated in non-overlapping ranges of frequencies.
Each of these bands has a basic bandplan which dictates how it is to be used and shared, to avoid interference and to set
protocol for the compatibility of transmitters and receivers. See detail of bands:
http://www.ntia.doc.gov/files/ntia/Spectrum_Use_Summary_Master-06212010.pdf
As a matter of convention, bands are divided at wavelengths of 10^n metres, or frequencies of 3×10^n hertz. For example,
30 MHz or 10 m divides shortwave (lower and longer) from VHF (shorter and higher). These are the parts of the radio
spectrum, and not its frequency allocation.




Band name | Abbreviation | ITU band | Frequency and wavelength in air | Example uses
Tremendously low frequency | TLF | | < 3 Hz; > 100,000 km | Natural and artificial electromagnetic noise
Extremely low frequency | ELF | | 3–30 Hz; 100,000 km – 10,000 km | Communication with submarines
Super low frequency | SLF | | 30–300 Hz; 10,000 km – 1000 km | Communication with submarines
Ultra low frequency | ULF | | 300–3000 Hz; 1000 km – 100 km | Submarine communication, communication within mines
Very low frequency | VLF | 4 | 3–30 kHz; 100 km – 10 km | Navigation, time signals, submarine communication, wireless heart rate monitors, geophysics
Low frequency | LF | 5 | 30–300 kHz; 10 km – 1 km | Navigation, time signals, AM longwave broadcasting (Europe and parts of Asia), RFID, amateur radio
Medium frequency | MF | 6 | 300–3000 kHz; 1 km – 100 m | AM (medium-wave) broadcasts, amateur radio, avalanche beacons
High frequency | HF | 7 | 3–30 MHz; 100 m – 10 m | Shortwave broadcasts, citizens' band radio, amateur radio and over-the-horizon aviation communications, RFID, over-the-horizon radar, Automatic link establishment (ALE) / Near Vertical Incidence Skywave (NVIS) radio communications, marine and mobile radio telephony
Very high frequency | VHF | 8 | 30–300 MHz; 10 m – 1 m | FM, television broadcasts and line-of-sight ground-to-aircraft and aircraft-to-aircraft communications, Land Mobile and Maritime Mobile communications, amateur radio, weather radio
Ultra high frequency | UHF | 9 | 300–3000 MHz; 1 m – 100 mm | Television broadcasts, microwave oven, microwave devices/communications, radio astronomy, mobile phones, wireless LAN, Bluetooth, ZigBee, GPS and two-way radios such as Land Mobile, FRS and GMRS radios, amateur radio
Super high frequency | SHF | 10 | 3–30 GHz; 100 mm – 10 mm | Radio astronomy, microwave devices/communications, wireless LAN, most modern radars, communications satellites, satellite television broadcasting, DBS, amateur radio
Extremely high frequency | EHF | 11 | 30–300 GHz; 10 mm – 1 mm | Radio astronomy, high-frequency microwave radio relay, microwave remote sensing, amateur radio, directed-energy weapon, millimeter wave scanner
Terahertz or Tremendously high frequency | THz or THF | 12 | 300–3,000 GHz; 1 mm – 100 μm | Terahertz imaging – a potential replacement for X-rays in some medical applications, ultrafast molecular dynamics, condensed-matter physics, terahertz time-domain spectroscopy, terahertz computing/communications, sub-mm remote sensing, amateur radio
ITU
The ITU radio bands are designations defined in the ITU Radio Regulations. Article 2, provision No. 2.1 states that "the
radio spectrum shall be subdivided into nine frequency bands, which shall be designated by progressive whole numbers
in accordance with the following table"[2].
The table originated with a recommendation of the IVth CCIR meeting, held in Bucharest in 1937, and was approved by
the International Radio Conference held at Atlantic City in 1947. The idea to give each band a number, in which the
number is the logarithm of the approximate geometric mean of the upper and lower band limits in Hz, originated with
B.C. Fleming-Williams, who suggested it in a letter to the editor of Wireless Engineer in 1942. (For example, the
approximate geometric mean of Band 7 is 10 MHz, or 10^7 Hz.)[3]

Table of ITU Radio Bands
Band Number | Symbols | Frequency Range | Wavelength Range
4 | VLF | 3 to 30 kHz | 10 to 100 km
5 | LF | 30 to 300 kHz | 1 to 10 km
6 | MF | 300 to 3000 kHz | 100 to 1000 m
7 | HF | 3 to 30 MHz | 10 to 100 m
8 | VHF | 30 to 300 MHz | 1 to 10 m
9 | UHF | 300 to 3000 MHz | 10 to 100 cm
10 | SHF | 3 to 30 GHz | 1 to 10 cm
11 | EHF | 30 to 300 GHz | 1 to 10 mm
12 | THF | 300 to 3000 GHz | 0.1 to 1 mm
IEEE
Radar-frequency bands according to IEEE standard[4]
Band designation | Frequency range |
HF | 3 to 30 MHz | High Frequency[5]
VHF | 30 to 300 MHz | Very High Frequency[5]
UHF | 300 to 1000 MHz | Ultra High Frequency[5]
L | 1 to 2 GHz | Long wave
S | 2 to 4 GHz | Short wave
C | 4 to 8 GHz | Compromise between S and X
X | 8 to 12 GHz | Used in WW II for fire control, X for cross (as in crosshair). Exotic.[6]
Ku | 12 to 18 GHz | Kurz-under
K | 18 to 27 GHz | German Kurz (short)
Ka | 27 to 40 GHz | Kurz-above
V | 40 to 75 GHz |
W | 75 to 110 GHz | W follows V in the alphabet
mm | 110 to 300 GHz[note 1] | Millimeter[4]
Note 1: The designation mm is also used to refer to the range from 30 to 300 GHz.[4]

EU, NATO, US ECM frequency designations
Radar-frequency bands as defined by NATO for ECM systems[7][6]
Band | Frequency range
A band | 0 to 0.25 GHz
B band | 0.25 to 0.5 GHz
C band | 0.5 to 1.0 GHz
D band | 1 to 2 GHz
E band | 2 to 3 GHz
F band | 3 to 4 GHz
G band | 4 to 6 GHz
H band | 6 to 8 GHz
I band | 8 to 10 GHz
J band | 10 to 20 GHz
K band | 20 to 40 GHz
L band | 40 to 60 GHz
M band | 60 to 100 GHz

Waveguide frequency bands
Band | Frequency range[8]
R band | 1.70 to 2.60 GHz
D band | 2.20 to 3.30 GHz
S band | 2.60 to 3.95 GHz
E band | 3.30 to 4.90 GHz
G band | 3.95 to 5.85 GHz
F band | 4.90 to 7.05 GHz
C band | 5.85 to 8.20 GHz
H band | 7.05 to 10.10 GHz
X band | 8.2 to 12.4 GHz
Ku band | 12.4 to 18.0 GHz
K band | 15.0 to 26.5 GHz
Ka band | 26.5 to 40.0 GHz
Q band | 33 to 50 GHz
U band | 40 to 60 GHz
V band | 50 to 75 GHz
W band | 75 to 110 GHz
F band | 90 to 140 GHz
D band | 110 to 170 GHz
Y band | 325 to 500 GHz

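Comparison of radio band designation standards
Each row lists the band designations that begin at the given frequency; "-" marks a standard with no band starting there.
Frequency   IEEE [4]   EU, NATO, US ECM   ITU no.   ITU abbr.
-           -          A                  -         TLF
3 Hz        -          -                  1         ELF
30 Hz       -          -                  2         SLF
300 Hz      -          -                  3         ULF
3 kHz       -          -                  4         VLF
30 kHz      -          -                  5         LF
300 kHz     -          -                  6         MF
3 MHz       HF         -                  7         HF
30 MHz      VHF        -                  8         VHF
250 MHz     -          B                  -         -
300 MHz     UHF        -                  9         UHF
500 MHz     -          C                  -         -
1 GHz       L          D                  -         -
2 GHz       S          E                  -         -
3 GHz       -          F                  10        SHF
4 GHz       C          G                  -         -
6 GHz       -          H                  -         -
8 GHz       X          I                  -         -
10 GHz      -          J                  -         -
12 GHz      Ku         -                  -         -
18 GHz      K          -                  -         -
20 GHz      -          K                  -         -
27 GHz      Ka         -                  -         -
30 GHz      -          -                  11        EHF
40 GHz      V          L                  -         -
60 GHz      -          M                  -         -
75 GHz      W          -                  -         -
100 GHz     -          -                  -         -
110 GHz     mm         -                  -         -
300 GHz     -          -                  12        THF
3 THz       -          -                  -         -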
By application
Broadcasting
Broadcast frequencies:
Longwave AM Radio = 148.5 kHz to 283.5 kHz (LF)
Mediumwave AM Radio = 530 kHz to 1710 kHz (MF)
Shortwave AM Radio = 3 MHz to 30 MHz (HF)
Designations for television and FM radio broadcast frequencies vary between countries; see Television channel
frequencies and FM broadcast band. Since VHF and UHF frequencies are desirable for many uses in urban areas, in
North America some parts of the former television broadcasting band have been reassigned to cellular phone and various
land mobile communications systems. Even within the allocation still dedicated to television, TV-band devices use
channels without local broadcasters.
The Apex band in the United States was a pre-WWII allocation for VHF audio broadcasting; it was made obsolete after
the introduction of FM broadcasting.



Air band
Airband refers to VHF frequencies used for navigation and voice communication with aircraft. Trans-oceanic aircraft
also carry HF radio and satellite transceivers.
Marine band
The greatest incentive for development of radio was the need to communicate with ships out of visual range of shore.
From the very early days of radio, large oceangoing vessels carried powerful long-wave and medium-wave transmitters.
High-frequency allocations are still designated for ships, although satellite systems have taken over some of the safety
applications previously served by 500 kHz and other frequencies. 2182 kHz is a medium-wave frequency still used for
marine emergency communication.
Marine VHF radio is used in coastal waters and for relatively short-range communication between vessels and to shore
stations. Radios are channelized, with different channels used for different purposes; marine Channel 16 is used for
calling and emergencies.
Amateur radio frequencies
Amateur radio frequency allocations vary around the world. Several bands are common for amateurs world-wide, usually
in the shortwave part of the spectrum. Other bands are national or regional allocations only due to differing allocations
for other services, especially in the VHF and UHF parts of the radio spectrum.
Citizens' band and personal radio services
Citizens' band radio is allocated in many countries, using channelized radios in the upper HF part of the spectrum
(around 27 MHz). It is used for personal, small business and hobby purposes. Other frequency allocations are used for
similar services in different jurisdictions, for example UHF CB is allocated in Australia. A wide range of personal radio
services exist around the world, usually emphasizing short-range communication between individuals or for small
businesses, simplified or no license requirements, and usually FM transceivers using around 1 watt or less.
Industrial, scientific, medical
The ISM bands were initially reserved for non-communications uses of RF energy, such as microwave ovens,
radio-frequency heating, and similar purposes. However, in recent years the largest use of these bands has been by short-range
low-power communications systems, since users do not have to hold a radio operator's license. Cordless telephones,
wireless computer networks, Bluetooth devices, and garage door openers all use the ISM bands. ISM devices do not have
regulatory protection against interference from other users of the band.
Land mobile bands
Bands of frequencies, especially in the VHF and UHF parts of the spectrum, are allocated for communication between
fixed base stations and land mobile vehicle-mounted or portable transceivers. In the United States these services are
informally known as business band radio. See also Professional mobile radio.


Police radio and other public safety services such as fire departments and ambulances are generally found in the VHF
and UHF parts of the spectrum. Trunking systems are often used to make most efficient use of the limited number of
frequencies available.
The demand for mobile telephone service has led to large blocks of radio spectrum allocated to cellular frequencies.
Radio control
Reliable radio control uses bands dedicated to the purpose. Radio-controlled toys may use portions of unlicensed
spectrum in the 27 MHz or 49 MHz bands, but more costly aircraft, boat, or land vehicle models use dedicated remote
control frequencies near 72 MHz to avoid interference by unlicensed uses. Licensed amateur radio operators use portions
of the 6-meter band in North America. Industrial remote control of cranes or railway locomotives uses assigned
frequencies that vary by area.
Radar
Radar applications use relatively high power pulse transmitters and sensitive receivers, so radar is operated on bands not
used for other purposes. Most radar bands are in the microwave part of the spectrum, although certain important
applications for meteorology make use of powerful transmitters in the UHF band.
