This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Why Functional Safety over EtherCAT (FSoE) should be important to machine builders

Author : Mark Checkley is the Sales and Marketing Manager for KEB UK Ltd

01 March 2018

KEB is rolling out its new Generation 6 products, including controllers and drives (F6, H6 & S6), and they have the standard option to be supplied with Functional Safety over EtherCAT (FSoE) but why it is important to machine builders?

FSoE (sometimes called Failsafe over EtherCAT) is starting to be introduced by more drives and controls suppliers, being a communication protocol that was developed by the ETG (EtherCAT Technology Group). The goal was to design an industrial communication bus that would be suited for use in safety applications – up to an IEC 61508 SIL3 level. In simple terms, this means the communication bus would need to operate in excess of 100,000 years without an undetected error.

An overview is that each FSoE node receives a unique address (16-bit) and the safe data with checksum are encapsulated in the EtherCAT telegram. The FSoE protocol has a number of different features that help detect an error in the communication, including:

Each FSoE slave is handled with a state machine. Upon start-up the slave must go through the state machine in order to set any of the safe bits. In the event of an error, the state machine is reset and the master must re-validate the connection before changing any of the safe bits.

There is a lot more technical information and members of the EtherCAT Technology Group can download a full copy of the specification at, or speak with KEB UK Ltd.

So why should machine builders care? 

FSoE is certified to an IEC 61508 SIL3 level

The protocol was designed with a number of different features (watchdog timers, checksums, etc.) that enhance security and allow the detection of errors.

Very importantly, the FSoE protocol was independently certified by TÜV Süd Rail GmbH to the IEC61508 SIL3 level.

This is relevant because it has been evaluated by a 3rd-party safety agency and carries the appropriate certification. When coupled with similarly certified safety hardware, the machine builder will have a much easier time having their overall machine certified for functional safety.

FSoE is an open protocol published by the Ethernet Technology Group (ETG)

ETG has made the technology open and accessible, it encourages many vendors to develop EtherCAT products. The machine builders benefit from this as they have access to many different vendors and products. The end user benefits with high-performance technology and lower costs due to the competitive offerings. So a win-win for everyone.

Similarly, FSoE is open and published by the ETG. Increasingly, more automation companies will develop FSoE-based products and the ecosystem will continue to grow. Both machine builders and end users will benefit with a wide selection of products and vendors.

This is not always the case with competing safety protocols on the market today. Some protocols out there are closed and proprietary. Any control solutions that are developed will tie a machine builder into that one vendor’s hardware and programming tools. This introduces risk as you are tied to one vendor.

In short, because Failsafe over EtherCAT is open, it gives machine builders an increasing number of product options from a number of different vendors.

FSoE can be implemented with other networks

FSoE works with standard Ethernet hardware and network cables so it can be used with other PLC vendors and with other industrial protocols. For example, it would be possible to have a machine controlled with a non KEB PLC but the safety functionality and safety IO is handled by a FSoE system. The FSoE safety network could even be used with a mix of different control types.

This gives machine builders flexibility, e.g. customers in one geography specify a PLC type from Vendor A, and another geography specifies Vendor B. Two machine variants can be offered but the FSoE safety control can be used across both designs. This is a big advantage considering the huge time and cost required to certify the functional safety of the machine.

Failsafe over EtherCAT saves wiring costs and time

Another really big advantage of FSoE is that much of the discrete safety wiring can be replaced with a network cable. The design of the safety system is largely done in the software and by using certified FSoE hardware.

There are a number advantages to replacing the discrete wiring:

• Reduction in wiring time

• Reduction in wiring errors

• Cleaner panel layout

• Better noise immunity

FSoE allows for Functional Safety in the Drive (Safety Drive Profile)

KEB has a deep EtherCAT drive portfolio. Its new Generation 6 drives have been designed for FSoE as the control word allows for advanced Safe Motion functions (according to IEC 61800-5-2). This means it is possible that an FSoE slave like an inverter can handle advanced safety functionality like Safe Limited Speed or Safe Limited Positioning.

By default, the below functions are configured in the drive’s safety control word. Additional Safe Functions are possible with manufacturer-specific bits.

With the safety module KEB’s drives offer the following integrated functions (how many can you name? – full details can be found at STO, SS1, SS2, SOS, SLS, SLP, SLI, SDI, SSM, SAR, SEL, SLA,SMS & SSR

The new range of drives and the whole safety portfolio with Functional Safety over EtherCAT will be on KEB’s stand G70 at Drives and Controls exhibition.

Contact Details and Archive...

Print this page | E-mail this page

Coda Systems