High-availability Seamless Redundancy

High-availability Seamless Redundancy (HSR) is a network protocol for Ethernet that provides seamless failover against failure of any single network component. PRP and HSR are independent of the application-protocol and can be used by most Industrial Ethernet protocols in the IEC 61784 suite. HSR does not cover the failure of end nodes, but redundant nodes can be connected via HSR. HSR nodes have two ports and act as a bridge, which allows arranging them into a ring or meshed structure without dedicated switches. This is in contrast to the companion standard Parallel Redundancy Protocol (PRP), with which HSR shares the operating principle. PRP and HSR are standardized by the IEC 62439-3:2016.

PRP and HSR are suited for applications that request high availability and short switchover time. For such applications, the recovery time of commonly used protocols such as the Rapid Spanning Tree Protocol (RSTP) is too long. It has been adopted for electrical substation automation in the framework of IEC 61850. It is used in synchronized drives (e.g. in printing machines) and high power inverters.

The cost of HSR is that nodes require hardware support (FPGA or ASIC) to forward or discard frames within microseconds. This cost is compensated because no Ethernet switches are required. Hardware support is anyhow needed when the node supports clock synchronization or security.

Topology
An HSR network node (DANH) has at least two Ethernet ports, each attached to a neighbour HSR node, so that always two paths exist between two nodes. Therefore, as long as one path is operational, the destination application always receives one frame. HSR nodes check the redundancy continuously to detect lurking failures.

HSR is typically used in a ring topology or in another mesh topology.

Nodes with single attachment (such as a printer) are attached through a RedBox (Redundancy Box).

Redundant connections to other networks are possible, especially to a Parallel Redundancy Protocol (PRP) network.

Since HSR and PRP use the same duplicate identification mechanism, PRP and HSR networks can be connected without single point of failure and the same nodes can be built to be used in both PRP and HSR networks.

Operation
Every HSR node is a switching node, i.e. it can forward a frame received on one port to at least one other port in cut-through mode.

A source node sends the same frame over all ports to the neighbour nodes.

A destination node should receive, in the fault-free state, two identical frames within a certain time skew, forward the first frame to the application and discard the second frame when (and if) it comes.

A node forwards a frame unless it detects a frame that it sent itself or that it already sent. To reduce unicast traffic, a node does not forward a frame for which it is the sole destination (Mode U). This does not apply when traffic supervision is needed.

To reduce traffic, a node may refrain from sending a frame that it already received from the opposite direction on the same port (Mode X), but this does not apply to all frames.

Also, several algorithms that relies on network node location learning can serve in the HSR traffic reduction, such as the Port Locking and Enhanced Port Locking, (PL) and (EPL) respectively, which work on closing the ports that leads to a non existed node,

Especially, Precision Time Protocol frames (multicast) are no duplicates of each other since they are modified by each node to correct the time. Such frames can only be retired by the node that originally inserted them, or by another node that already sent them. Also, this mode cannot be used when deterministic operation is required.

A special treatment is given to link-specific frames such as LLDP or Pdelay_Req / Pdelay_Resp Precision Time Protocol frames, for which the HSR tag is ignored, but must be present.

Frame format
To simplify the detection of duplicates, the frames are identified by their source address and a sequence number that is incremented for each frame sent according to the HSR protocol. The sequence number, the frame size and the path identifier are appended in a 6-octet HSR tag (header).

NOTE: all legacy devices should accept Ethernet frames up to 1528 octets, this is below the theoretical limit of 1535 octets.

Performance
In an HSR ring, only about half of the network bandwidth is available to applications for multicast traffic (compared to RSTP). This is because all frames are sent twice over the same network, even when there is no failure. However, since also the network infrastructure is also doubled in closed ring topologies the nominal network bandwidth is available. E.g. in a 100 Mbit/s Ethernet ring 100 Mbit/s are available (but not 200 Mbit/s).

Implementation
Since the forwarding delay of every node in an HSR ring adds to the total network latency, frames are forwarded within microseconds. In practice, hardware support (FPGA) is required to bring down the per-hop latency to a reasonable value (some 5μs at 100 Mbit/s), using cut-through switching. To this purpose, each frame has an HSR tag that allows recognition of whether the frame should be forwarded or not, to avoid store-and-forward. This means that corrupted frames will not be removed from the ring until they reach a node that already sent them.

Clock synchronization
IEC 62439-3 Annex C specifies a Precision Time Protocol Industry Profile (PIP L2P2P), that allows a clock synchronization down to an accuracy of 1 μs in a ring of 16 HSR nodes. This PTP protocol also allows operating the HSR ring deterministically for a dedicated class of traffic, for instance Sampled Values in IEC 61850. It has been adopted by IEEE as IEC/IEEE 61850-9-3, .

Historical Note
Originally, the protocol was named HASAR for the initial of the five companies working for electrical utilities that created it (Hirschmann, ABB, Siemens, Alstom and RuggedCom). Marketing renamed it HSR, for "High-availability Seamless Ring", but HSR is not limited to a simple ring topology.