Siemens PLC’s


I’m in Rome Italy tonight. Walked all over Rome today. My hotel is near the Colliseum and I thought I’d just stroll around for a while. Then decided that maybe I’d stroll towards the Vatican, get a cab along the way and then take the tour. One thing led to another and before I knew it I had walked all the way to the Vatican. Not sure how far I walked but it was a lot. Enough to get several Calluses.


Sometimes you just end up doing things the hard way. Occasionally there is no easy way so the hard way is actually the only way.


It’s like that when you want to read and write the data table of Siemens PLCs. Know I’m no expert in the Siemens world. What I do know is that arguably the best way to communicate with a Siemens PLC is to use Profinet IO.


Profinet IO is an Ethernet communication protocol that
unlike a lot of other Ethernet protocols rides on top of IP and not TCP. That
means that the I/O messages of Profinet IO are embedded in an IP Layer message
and not in a TCP layer message.


Why is that? It’s done like that so that Profinet IO can get
I/O responses really fast. It eliminates all the TCP stack encoding and
decoding. But the downside is that you have to have those hooks deep in your OS
or TCP/IP stack to intercept these messages. I’ve written about that before. NO
reason to cover that ground again.


Went round and round with a customer on that the other day.
He is selling software and wants a binary that he can ship out to anybody that
will do Profinet IO Device Side communication. He’d really like to read the
data tables but can’t by doing I/O. Had a hard time convincing him that since
the I/O messages have to be intercepted deep in the OS you can’t easily just
send software out for different kinds of systems. I wish it was like that but
it’s just not possible with this technology.


With Profinet IO you’re going to be doing I/O communication.
I/O is OK but the contents of the I/O messages are fixed. You can’t really get
these ten variables now and then every 50msec get these other ten variables.
Stuff like that is really helpful in some applications. Instead you have to fix
the information you’re going to transfer. Or build another proprietary protocol
on top of Profinet IO.


What a lot of people don’t know about Profinet IO is that
there is an NRT (non real time) component to the Profinet IO frames. This can
be used in a number of different ways and is in there to allow diagnostics and
alarms to flow through from devices to controllers. What that isn’t though, is
a channel for a device to get access to the data table. If the end device runs
SNMP or can do XML then that channel serves to let those devices send that data
“alongside” the I/O messages.


EtherNet/IP has similar kind of functionality. In
EtherNet/IP CIP (Common Industrial Protocol) you have something called Explicit
Messaging. With Explicit Messages a Scanner device can send a message that
requests the Adapter device to execute a predefined standard (or vendor
defined) function code.


Now Siemens PLCs do have other ways to communicate that can
help you with reading and writing of Siemens PLC data tables. They have some
protocols that talk directly to the data table over an Ethernet comm link.


The protocols that can talk directly to the data table are better
in that you have much more control over the interaction. But I am wary of using
them. For one, I don’t know how well they are supported through the entire
product line. Will the next PLC they introduce support the same protocol? Or
because the data table is different, will it have somewhat different
functionality. Seems to me that there is some risk to using them. I’m sure that
some of you have used the things successfully. I’d be very interested in
getting your input and publishing your successes.


At RTA I chain my programming staff in the office for weeks
on end and don’t let them out until we get Profinet IO gateways. As usual they
responded well to my chair and whip management style. They built some really
cool products. Here are three of them:


PROFINET TOALLEN-BRADLEY PLCS – This device connects any ControlLogix, PLC5E, SLC
5/505 or Micrologix to a Profinet IO network.


MODBUSSLAVES TO PROFINET IO – This device is a master to a network of Modbus RTU
Slave devices and combines those devices into what looks to the Profinet IO
Controller as a single Profinet IO device.


MODBUSTCP SLAVES TO PROFINET IO – This device is a master to a network of Modbus
TCP Slave devices and combines those devices into what looks to the Profinet IO
Controller as a single Profinet IO device.


So if you really want to move information in and out of a Siemens
PLC, Profinet IO is probably your best answer. But maybe there’s a better way.
Sheriff Carl is out there as are a number of really sharp Siemens PLC guys.
Maybe they can chime in and educate me on this one.


I’d appreciate it.