[FUN] Spur failures, device failures or protection failures?


Stephen Mitschke
August 12th, 2003, 01:46 PM
The market dynamics of fieldbus and the necessity to sell the concept to management often leads us to describe fieldbus as 'intelligent' when we really mean 'communicative' (see the alarm storm on power-up for the DCS).

While discussing fieldbus reliability, we get quite involved with the issue of spur protection - if you didn't know, Hawke do fuses per spur, many others do electronic current-limiting.

We've designed and built an electronic-current limiting device coupler as our next release, but we were really pulled up short by a systems integrator who had himself calculated MTBFs of typical circuits (hey, everyone needs a hobby!). These things seriously downgrade systems availability - what you seem to get is much lower MTBF (factor of 100?), a higher risk of segment failure (electronics can latch up as well as down) AND you pay MORE! Is this a good deal or what? In operation, the protection circuit freezes to a fixed (higher) spur output and won't let go until the short is removed (hysteresis). If you were tight to the limits, this current demand can be greater than your capability to supply, causing other devices to drop off the segment in an unpredictable manner.

So, the great FF user community, are spur shorts or device failures (to short-circuit) really an issue? Is it clumsy installation guys or cheap cable? In short (sic), is the cure worse than the problem?

Mike O'Neill
Hawke Fieldbus, UK

Stephen Mitschke
August 12th, 2003, 01:46 PM
To me, things like spur protection - in general, protecting the integrity of the physical layer - is one of the most important parts of the design.

We did most of our installation before "spur guards" were available. So we put quick-disconnects on all the field devices - thinking that maintenance activities would be the biggest threat to segment integrity.

Since then we've just been using the current-limiting appliances, blissfully unaware they had such a nasty MTBF. I guess we've been thinking they were little more than R/C networks or maybe a diode or two (sorry I'm not an EE).

In light of that, I could be sold that a simple fuse is better.

The work-around is to design your segments to handle one shorted spur protector at a minimum.

John Rezabek
BP
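The design rule in the post above (a segment that survives at least one shorted spur protector) can be checked as a current budget. This is an added example, not code from any poster or vendor; the device currents, supply rating and limiter current are constructed values, and cable voltage drop is ignored.

```python
"""Segment current budget with shorted spurs (constructed sample values)."""
from itertools import combinations

def worst_case_load_ma(device_ma, limit_ma, shorted=1):
    """Highest segment load when `shorted` spurs sit at the limiter current.

    device_ma: normal draw of the device on each spur, in mA.
    limit_ma:  current a protected spur holds while it is shorted, in mA.
    Returns (load_ma, indices of the shorted spurs) for the worst combination.
    """
    if not 0 <= shorted <= len(device_ma):
        raise ValueError("shorted must be between 0 and the number of spurs")
    total = sum(device_ma)
    # A shorted spur stops drawing its device current and draws limit_ma instead.
    return max(
        (total + sum(limit_ma - device_ma[i] for i in combo), combo)
        for combo in combinations(range(len(device_ma)), shorted)
    )

def check_segment(device_ma, supply_ma, limit_ma, shorted=1):
    """Compare the worst-case load against what the segment supply can deliver."""
    load, combo = worst_case_load_ma(device_ma, limit_ma, shorted)
    return {
        "normal_ma": sum(device_ma),
        "worst_ma": load,
        "shorted_spurs": combo,
        "margin_ma": supply_ma - load,
        "ok": load <= supply_ma,
    }

# Constructed example: eight spurs, device draw in mA per spur.
DEVICES_MA = [18, 22, 12, 26, 20, 15, 24, 17]
LIMIT_MA = 60     # assumed limiter current while a spur is shorted
SUPPLY_MA = 200   # assumed current available to the segment

if __name__ == "__main__":
    for n in (0, 1, 2):
        print(n, "shorted:", check_segment(DEVICES_MA, SUPPLY_MA, LIMIT_MA, n))
```

With these values the segment has 46 mA of headroom in normal operation but is 2 mA over budget with a single shorted spur, which is the "tight to the limits" case raised in the first post.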

Stephen Mitschke
August 12th, 2003, 01:46 PM
Hi Ian and John,

I wasn't sure what to do yesterday when I saw Mike O'Neill's original message on this topic.

You may be aware that Relcom has patents on electronic current limiting for Fieldbus networks (SpurGuard patents). We have recently begun notifying competing companies of these patents. In fact, we had some dialogue directly with Mr. O'Neill just last week. I surmise that his interest in this topic may originate from the realization that his soon to be introduced product may require a license from Relcom.

What we know about MTBF is this; the MTBF (MIL-HDBK-217F at 50 C) for one of our eight spur Megablocks without short circuit protection (FCS-MB8) is approximately 403 years. The approximate MTBF for an eight spur Megablock with SpurGuards is 167 years. Nearly a factor of three, but nowhere near Mr. O'Neill's guess of 100x.

It is important to note that these figures are based on the probability that any one of the individual components will fail, *not* the chance that a Fieldbus segment will go down because of a failure. The segment availability numbers are much, much higher than the estimated MTBF.

Regarding field failures, with thousands of units in use, we are not aware of a single instance where a segment or even a spur failed because of a bad Megablock.

To the contrary, we do know that hundreds of our customers have the ability to perform maintenance on their live Fieldbus segments without affecting other instruments. This would be a much riskier proposition without short circuit protection.

Some companies in our industry use product return statistics to estimate MTBF. When comparing MTBF claims, it pays to ask a few questions regarding methodology.

MTBF is a complicated topic and I would be pleased to have the opportunity to talk about it in depth.

Best regards,
-Dana

Dana Lommen - Relcom Inc.

Stephen Mitschke
August 12th, 2003, 01:47 PM
The issue raised was one of MTBF and subsequent effects, in order to deal effectively with fieldbus device couplers in SIL calculations. MIL217 provides a clear route for calculation of MTBFs and is not particularly difficult to handle, though somewhat cumbersome to complete. The definition of failure is clearly going to be a bone of contention, since we calculate MTBFs based on failure of the spur and/or failure of the segment, and we calculate Hawke's passive device coupler at around 8000 years. The same reliability argument goes into the fieldbus power supply conditioning, which can be achieved with an inductor (low cost and simple) or an active circuit (neat and compact, but has additional potential failure modes leading to a lower MTBF).

The key point is that all connected items, whether they be power supplies or device couplers, degrade systems availability in some way through their own contribution of potential failure modes. Active device couplers MUST be less reliable than passive device couplers - that's a given, simply because they have many more components, solder joints and potential failure routes (series and parallel) than 2x 2 terminals mounted onto a PCB connected by decent sized tracking. Pre-wired factory built bricks, or using plugs/sockets eliminate installation errors, are ways in which potential failures can be addressed, each of which have cost implications, some larger than others. We are all working towards making fieldbus the technology of choice for process control. This requires us all to demonstrate that fieldbus offers the user significant benefits without impacting on systems availability. If fieldbus implementation cost a lot and only worked half the time, all the interoperability and local control in the world would not attract many users to fieldbus.

I appreciate that reliability versus cost is a touchy subject for some vendors but these things matter to potential users and plant operators, many of whom stipulate systems availability in contractual terms to the EPC.

Mike O'Neill
Hawke Fieldbus

Stephen Mitschke
August 12th, 2003, 01:47 PM
Given the importance of physical layer integrity, are any host vendors doing anything for physical layer diagnostics?

I'd be pretty happy with something rudimentary - analogous to the diagnostics we get from one of the little Relcom "Fieldbus Monitor". Some vendors tell me that such diagnostics exist, but there are no alarms or other indicators to alert a technician to a suspect segment - except when the devices themselves finally start to be intermittent.

Our experience is, if we take care of the wire (including terminations), the segment power, and the devices, we have a very solid little (distributed) control system on any given segment. Over months or years of operation, things can happen. Water can get into conduit or devices. Vibration can loosen terminals. Jackets and shields can degrade.

How much more confident could we be if we had an "always on duty" watchdog that would alert us to deficiencies in the physical layer (high noise, marginal power, etc.)? Am I the only end user who sees value in this (dare I ask)?

John Rezabek
BP