High-availability Seamless Redundancy (HSR)


#1

High-availability Seamless Redundancy (HSR) is a network protocol for Ethernet that provides seamless failover against failure of any network component. This redundancy is invisible to the application.

HSR nodes have two ports and act as a switch (bridge), which allows arranging them into a ring or meshed structure without dedicated switches. This is in contrast to the companion standard Parallel Redundancy Protocol (IEC 62439-3 Clause 4), with which HSR shares the operating principle.

PRP and HSR are standardized by the IEC 62439-3:2016).
PRP and HSR are independent of the application-protocol and can be used by most Industrial Ethernet protocols in the IEC 61784 suite. It has been adopted for substation automation in the framework of IEC 61850.

PRP and HSR are suited for applications that request high availability and short switchover time, such as: protection for electrical substation, synchronized drives (e.g. in printing machines) or high power inverters. For such applications, the recovery time of commonly used protocols such as the Rapid Spanning Tree Protocol (RSTP) is too long.

The cost of HSR is that nodes require hardware support (FPGA or ASIC) to forward or discard frames within microseconds. This cost is compensated because no Ethernet switches are required. Hardware support is anyhow needed when the node supports clock synchronization or security.

HSR does not cover the failure of end nodes, but redundant nodes can be connected via HSR.

Operation

Every HSR node is a switching node, i.e. it can forward a frame received on one port to at least one other port in cut-through mode.

A source node sends the same frame over all ports to the neighbour nodes.

A destination node should receive, in the fault-free state, two identical frames within a certain time skew, forward the first frame to the application and discard the second frame when (and if) it comes.

A node forwards a frame unless it detects a frame that it sent itself or that it already sent. To reduce unicast traffic, a node does not forward a frame for which it is the sole destination (Mode U). This does not apply when traffic supervision is needed.

To reduce traffic, a node may refrain from sending a frame that it already received from the opposite direction on the same port (Mode X), but this does not apply to all frames.

Especially, Precision Time Protocol frames (multicast) are no duplicates of each other since they are modified by each node to correct the time. Such frames can only be retired by the node that originally inserted them, or by another node that already sent them. Also, this mode cannot be used when deterministic operation is required.