Burner - Function - Blocks From SIEMENS

SIEMENS
Important notices Table of Contents Fuel technology and burner package
1 2 3 4 5 6 7
SIMATIC S7- Distributed Safety Failsafe function blocks for burner technology
product information
System and software requirements
Failsafe function blocks for burner technology
Interaction of the blocks
Application examples
Support
Notes
Edition 03/2007 Version v1.0
Important notices
Safety Guidelines
This manual contains notices which you should observe to ensure your own personal safety, as well as to protect the product and connected equipment. These notices are highlighted in the manual by a warning triangle and are marked as follows according to the level of danger:
Safety Note
Contains important information on the acceptance and safety-related use of the product.
!
!
Warning
Indicates that death, severe personal injury or substantial damage to property can result if proper precautions are not taken
Caution
Indicates that minor personal injury or property damage can result if proper precautions are not taken
Note
Draws your intention to particularly important information on the product, handling the product, or to a particular part of the documentation. If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel
The device/ system may only be set up and used in conjunction with this documentation. Commissioning and Operation of a device/system may only be performed by qualified personnel. Within the context of the safety notes in this documentation qualified persons are defined as persons who are authorized to commission, ground and label devices, systems and circuits in accordance with established safety practices and standards.
Correct Usage
Note the following:
Warning
This device/ system may only be used for the applications described in the catalog or the technical description and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. Correct, reliable operation of the product requires proper transport, storage, positioning and assembly as well as careful operation and maintenance.
Trademarks
SIMATIC is registered Trademark of Siemens AG. The other names in this document can be trademarks, the usage of which by third parties could harm the rights of the owners.
Copyright Siemens AG 2006 All rights reserved

The passing on as well as copying of these pages, utilization and communication of their contents is not allowed unless permission is granted particularly. Non-compliance will result in damages. All rights reserved particularly in the case of the patent issue or GM entry. Siemens AG I&S IS E&C PS Industrial Solutions and Services Industrial Services Engineering & Construction Professional Services D- Nuremberg
Disclaimer of Liability
We have checked the contents of this manual for agreement with the hardware and software described. Since deviations cannot be precluded entirely, we cannot guarantee full agreement. However, the data in this manual is reviewed regularly and any necessary corrections will be included in subsequent editions. Suggestions for improvement are welcomed.
Siemens AG 2006 Technical data subject to change.
Important notices
Guidelines for Registration
After having bought the optional Package the user has to register. Therefore you have to send an email to hf-cc.aud@siemens.com with the subject: "Registration burner package". The serial number and the company address have to be included in the e-mail. The serial number can be found on the certificate of license (COL) distributed with the burner blocks. After the registration has been carried out you get stickers depending on the amount of licenses you ordered. These stickers have to be placed on the CPU and are required for acceptance and warranty claim in the event of damage! The license is valid for one CPU. For each plc a burner block of this optional package is running in, you need to buy a new license. It is also possible to send a fax or letter to the H/F Competence Center, contact details can be found in Chapter 6 of this manual. For questions regarding the registration please ask the Siemens partners at your agencies and offices or the H/F Competence Center.
Table of Contents
Table of Contents
1 Fuel Technology and Burner Package .......................................................................1-1
1.1 Technologic Scheme ............................................................................................................. 1-1 1.2 Burner Package Functionality ................................................................................................ 1-2 1.3 What is new in version 5.4? ................................................................................................... 1-4 1.3.1 Timer............................................................................................................................... 1-4 1.3.2 Diagnosis ........................................................................................................................ 1-4 1.3.3 Function changes in the blocks ...................................................................................... 1-4
System and software requirements ............................................................................2-1

2.1 2.2 2.3 2.4 2.5 2.6 General .................................................................................................................................. 2-1 Safety requirements ............................................................................................................... 2-1 Principle of the safety functions ............................................................................................. 2-1 Software ................................................................................................................................. 2-2 Safety parameters of the function blocks............................................................................... 2-2 Performed standards ............................................................................................................. 2-2
Failsafe function blocks for burner technology.........................................................3-1

3.1 Overview ................................................................................................................................ 3-1 3.1.1 Failsafe blocks ................................................................................................................ 3-1 3.1.2 Block I/Os........................................................................................................................ 3-2 3.1.3 Block numbers ................................................................................................................ 3-2 3.1.4 Installation in Cyclic Interrupt- OBs................................................................................. 3-2 3.1.5 Use of data blocks .......................................................................................................... 3-2 3.2 Failsafe function block gas tightness test (F_TIGHTN) ......................................................... 3-3 3.2.1 Introduction ..................................................................................................................... 3-3 3.2.2 Mode of operation........................................................................................................... 3-4 3.2.3 Time diagram .................................................................................................................. 3-6 3.2.4 Block I/Os........................................................................................................................ 3-9 3.2.5 Parameter ..................................................................................................................... 3-11 3.3 Failsafe function block igniter (F_IGNTR)............................................................................ 3-12 3.3.1 Introduction ................................................................................................................... 3-12 3.3.2 Mode of operation......................................................................................................... 3-13 3.3.3 Time diagram ................................................................................................................ 3-14 3.3.4 Block I/Os...................................................................................................................... 3-20 3.3.5 Parameter ..................................................................................................................... 3-24 3.4 Failsafe function block air damper control (F_AIRD) .......................................................... 3-25 3.4.1 Introduction ................................................................................................................... 3-25 3.4.2 Mode of operation......................................................................................................... 3-26 3.4.3 Time diagram ................................................................................................................ 3-27 3.4.4 Block I/Os...................................................................................................................... 3-31 3.4.5 Parameter ..................................................................................................................... 3-34 3.5 Failsafe function block oil burner (F_OIL_BU)..................................................................... 3-35 3.5.1 Introduction ................................................................................................................... 3-35 3.5.2 Mode of operation......................................................................................................... 3-36 3.5.3 Time diagram ................................................................................................................ 3-37 3.5.4 Block I/Os...................................................................................................................... 3-42 3.5.5 Parameters ................................................................................................................... 3-47 3.6 Failsafe function block gas burner (F_GAS_BU)................................................................. 3-48 3.6.1 Introduction ................................................................................................................... 3-48 3.6.2 Mode of operation......................................................................................................... 3-49 3.6.3 Time diagram ................................................................................................................ 3-50 3.6.4 Block I/Os...................................................................................................................... 3-54 3.6.5 Parameters ................................................................................................................... 3-58 3.7 Failsafe function block oil start program (F_OIL_ST) .......................................................... 3-59 3.7.1 Introduction ................................................................................................................... 3-59
SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology
-i-
Table of Contents
3.7.2 Mode of operation......................................................................................................... 3-60 3.7.3 Time diagram ................................................................................................................ 3-61 3.7.4 Block I/Os...................................................................................................................... 3-64 3.7.5 Parameters ................................................................................................................... 3-68 3.8 Failsafe function block position check (F_POS_CH) ........................................................... 3-69 3.8.1 Introduction ................................................................................................................... 3-69 3.8.2 Mode of operation......................................................................................................... 3-70 3.8.3 Time diagram ................................................................................................................ 3-71 3.8.4 Block I/Os...................................................................................................................... 3-74 3.8.5 Parameters ................................................................................................................... 3-76
Interaction of the blocks ..............................................................................................4-1

4.1 Overview ................................................................................................................................ 4-1 4.2 Connection of the blocks........................................................................................................ 4-2 4.2.1 Basic configuration ......................................................................................................... 4-2 4.2.1.1 Gas burner control................................................................................................... 4-2 4.2.1.2 Oil burner control ..................................................................................................... 4-5 4.2.1.3 Mixed operation ....................................................................................................... 4-1 4.2.2 Control of several burners .............................................................................................. 4-3 4.2.3 Optional blocks ............................................................................................................... 4-4 4.2.4 Additionally necessary blocks......................................................................................... 4-6 4.2.5 Further information ......................................................................................................... 4-7 4.2.5.1 Information about the burner technology................................................................. 4-7 4.2.5.2 General information ................................................................................................. 4-7
Application examples...................................................................................................5-0
5.1 Overview ................................................................................................................................ 5-0 5.1.1 Labeling for the interconnection of the burner blocks..................................................... 5-0 5.2 Connection example for gas burner control........................................................................... 5-1 5.2.1 Interconnection of F_GAS_BU ....................................................................................... 5-1 5.2.2 Interconnection of F_TIGHTN......................................................................................... 5-2 5.2.3 Interconnection of F_IGNTR........................................................................................... 5-4 5.2.4 Interconnection of F_AIRD ............................................................................................. 5-5 5.2.5 Assignment of safety functions ....................................................................................... 5-6 5.3 Connection example for oil burner control ............................................................................. 5-7 5.3.1 Interconnection of F_OIL_BU ......................................................................................... 5-7 5.3.2 Interconnection of F_OIL_ST.......................................................................................... 5-9 5.3.3 Interconnection of F_IGNTR......................................................................................... 5-10 5.3.4 Interconnection of F_AIRD ........................................................................................... 5-11 5.3.5 Assignment of safety functions ..................................................................................... 5-12 5.4 Failsafe Inputs and Outputs ................................................................................................. 5-13
6 7
Support ..........................................................................................................................6-1 Notes..............................................................................................................................7-1
- ii -
Fuel Technology and Burner Package
1 Fuel Technology and Burner Package

This chapter shows the general process sequence of a burner, in further chapters the functionality of each of the Burner Blocks will be described in detail
1.1 Technologic Scheme

The technology scheme in the picture represents the simplified configuration of a burning plant as well as the relevant components for the control of the burner.
Technical Plan of the Burner Technology
General structure of a burner plant

Gas supply with safety, main and ventilation valves and pressure detectors to carry out the tightness test Oil supply with two safety magnetic valves Supply for the ignition fuel equipped with two magnetic valves and a manual shut off valve Air supply conduction, equipped with a fan in case it is not integrated in the burner Burnt gases exhaust with shut off damper Igniter transformer to light the ignition flame (in industrial burners) Flame detectors to supervise the ignition and main flames Drive for the regulation of the air/fuel ratio
- 1-1 -
Generic operation of a burner

For gas burners above a certain power, a tightness test of the valves in the gas supply has to be carried out before ignition. Before each start up of a gas or oil burner, the burning chamber and burnt gas exhaust have to be cleaned to eliminate fuel rests. This pre-purge is done by means of air pressure. The time required for this pre-ventilation depends on the type of burner. Ignition of the first burner has to take place within 10 minutes after the pre-ventilation. The ignition fuel supply valves are opened and the ignition fuel is lit by the sparks produced by the ignition transformer. In most small burners no separate fuel is used for the ignition, in this case the gas or oil is directly ignited. Once the ignition flame is detected by the ignition flame detector, and if the safety requirements for start-up are fulfilled, the fuel main valves can be opened. Ignition has to take place within the safety time. If after pre-ventilation, the first attempt of ignition is not successful, and if the safety requirements for ignition are still fulfilled, an immediate second attempt to ignite is allowed. (If there are three or more burners in the same combustion chamber, a third ignition attempt is allowed) During start-up and operation, the safety conditions must be supervised and in case they are not met, the fuel supply cannot be opened (during start-up) or has to be interrupted (during operation). The regulation of the fuel and air quantities during ignition is carried out by motor driven dampers or by valves. If the main flame detector reports the existence of a flame, the flow rate of fuel can be increased depending on the needed power.
1.2 Burner Package Functionality

The blocks included in burner package perform the following functions from the process chain: The tightness test for gas supply valves can be carried out using the block F_TIGHTN. Ignition is controlled and monitored by the combination of the blocks F_IGNTR and F_GAS_BU (for gas burners) or F_IGNTR and F_OIL_BU (for oil burners). These blocks supervise the safety requirements that have to be fulfilled at each stage of the ignition, monitor the safety time for ignition and drive the igniter transformer and the valves for the fuel supply. In case the safety conditions during start-up or during operation are not met, the block F_GAS_BU or F_OIL_BU will not allow the fuel supply or will interrupt it. The position of the air damper during ignition and during operation can be controlled using the block F_AIR_D. Extra monitoring functionality is provided by the block F_POS_CH. F_POS_CH supervises the position of the actuators for air and fuel supply. For oil burners, which have to be blown out after shut off, the block F_OIL_ST can be used to monitor and control the oil program.
- 1-2 -
! ! ! !
The user has to connect and parameterize the burner blocks according to the applicable burner standards.
The safety requirements that must be fulfilled for start-up and burner operation depend on the burner type and the application.
Programming of the pre-ventilation phase must be carried out by the user following the burner standards.
Control of the allowed number of attempts to ignite has to be programmed by the user following the burner standards.
- 1-3 -
1.3 What is new in version 5.4?

The following chapter contains a summary of the innovations in the burner package of Distributed Safety V5.4:
1.3.1
Timer
The timer function blocks are invoked internally and must not be of the user outside the blocks interconnected any more. The times are becoming parameterized directly at the receipts of type time now.
1.3.2
Diagnosis
The blocks F_IGNTR, F_GAS_BU, F_OIL_BU and F_OIL_ST were extended by a fault diagnosis whose result is available at an additional exit of the type Word.
1.3.3
Function changes in the blocks
F_IGNTR: The igniting locking questions on the diagnosis bit (Diag_13), this reports faults in the pilot flame monitor. After turning the igniter off the signal IGN_OP (signal of the pilot flame monitor) is supervised. It must become zero shortly after igniter switching off. The diagnosis bit 13 will be set if the signal IGN_OP=1 after the parameterized time "PFSF_Time" ("pilot flame sensor failure time"). This indicates that the pilot flame monitor delivers a wrong signal. As long as this fault lines up, the igniter cannot be started. This function can be turned off if e.g. the signal IGN_OP is, delivered by a flame guardian who also supervises the main flame. (In this case IGN_OP is also "1" if the igniter is turned off). To avoid a failure report, the entrance "PFSF_MODE" can be put "on 1". Through this the entrance "IGN_OP" isn't supervised. Exit TRANSF is turned off if exit IGN_OPAT is sedate. This means, if the igniter is in mode, isn't the spark generator steered for any more. F_AIRD: The output is set to FAIL_POS in the standard mode (AD_IGNPOS = 0) if AD_CLOSED and AD_OPEN are "1" at the same time. The constituent was extended by new output "AD_IGNPOS_OK". This is set, if AD_IGNPOS = 1 is and the ventilation flap is in the right igniting position (AD_MAX = 1 and AD_MIN = 1).
- 1-4 -
F_OIL_BU: The conditions OIL_OK, AIRFL_OK and OILFIRE are only not viewed during the ignition but either during the writer mode now. This has the advantage that they are dropped at the entrance PROTEC. The report of the flame guardian doesn't have SW_INTL switched is to prevent the start of the writer at a flame report, the condition is checked internally now with the entrance any more. It is through this to start no longer possible, the writer if the flame guardian reports a flame and the writer is in individual mode (BU_OP = 0 and OILFIRE = 1). A new entrance MFSF_Time (Main Flemish man sensor Failure time) is inserted. The time is parameterized for the supervision of the main flame guardian at this entrance. The timer starts if no flame should be available. This means the writer is turned off (OIL_RUN = 0 and OBU_OPAT = 0) and no flame of other writers is available (BU_OP = 0). The diagnosis bit 13 is set if after the parameterized time (MFSF_Time) a flame signal still lines up (OILFIRE = 0). F_GAS_BU: The conditions GAS_OK, AIRFL_OK and GASFIRE are only not viewed during the ignition but either during the writer mode now. This has the advantage that they are dropped at the entrance PROTEC. The report of the flame guardian doesn't have SW_INTL switched is to prevent the start of the writer at a flame report, the condition is checked internally now with the entrance any more. It is through this to start no longer possible, the writer if the flame guardian reports a flame and the writer is in individual mode (BU_OP = 0 and GASFIRE = 1). A new entrance MFSF_Time (Main Flemish man sensor Failure time) is inserted. The time is parameterized for the supervision of the main flame guardian at this entrance. The timer starts if no flame should be available. This means the writer is turned off (GAS_RUN = 0 and GBU_OPAT = 0) and no flame of other writers is available (BU_OP = 0). The diagnosis bit 13 is set if after the parameterized time (MFSF_Time) a flame signal still lines up (GASFIRE = 0).
- 1-5 -
System and software Requirements
2 System and software requirements

2.1 General
The failsafe function blocks burner technology described in the next chapters can be used in combination with the failsafe automation system Siemens SIMATIC S7-IM 151-F CPU, S7315F, S7-317F, S7-319F or S7-416F for the control of gas and oil burners. First the safety aspects at the development of failsafe function blocks are described. Then the characteristics of the different function blocks are explained in detail. The behavior of the failsafe function blocks is shown by timing diagrams. The failsafe function blocks burner technology are developed as individual functions in order to allow a modular use and the possibility to control more than one burner.
2.2 Safety requirements

With the automation system S7-IN 151-F CPU, S7-315F, S7-317F, S7-319F or S7-416F, the following safety specifications can be fulfilled: Safety level AK1 up to AK6 according to DIN V 19250/DIN V VDE 0801. Safety Integrity Level SIL1 up to SIL3 according to IEC 61508. Category 1 up to 4 according to EN 954-1.
2.3 Principle of the safety functions

Fail-safety is mainly software implemented through the safety functions. Failsafe functions are executed by the automation system S7-IN 151-F CPU, S7-315F, S7-317F, or S7-416F, in order to bring or to keep the system in a safe mode in case of a dangerous incident. The safety functionality for a process could be fulfilled with a user safety function or with a fail reaction function. In case of failure, if the distributed safety cannot carry out the user safety function anymore, the fail reaction function will be executed, e.g. the corresponding outputs are switched off and the F- program goes into the STOP mode. For example: The distributed safety system should switch on a valve in case of overpressure (user safety function). At a serious failure of the CPU, all the outputs are switched off (fail reaction function), whereby the valve opens and the other actors are brought in the safe position. If the F-system worked properly, only the valve would be opened.
- 2-1 -
System and software Requirements
2.4 Software
The following Software of Siemens SIMATIC must be installed on the PC/PG (programming device) for the use of the function blocks Burner technology
STEP 7 V 5.3 + SP3 or higher S7 Distributed Safety V5.4 S7 F Configuration Pack V5.4
2.5 Safety parameters of the function blocks

The function blocks for the control of gas and oil burners has been developed using the certified failsafe function blocks in F-FBD. The compiler of the engineering tool generates failsafe function blocks. These can be imported into libraries and be inserted in any F-FBs and F-FCs. All the certified failsafe standard function blocks fulfill the requirements for category 4 according to EN 954-1 as well as the requirements for category 6 according to DIN V 19250/DIN V VDE 0801 and Safety Integrity Level SIL1 till SIL3 according to IEC 61508. Therefore, the developed failsafe function blocks fulfill the same safety category. Nevertheless, it has to be additionally verified that the function blocks meet the requirements of the standard specifications with regard to performance and functionality. Standardally, evidence can only be provided by a functional test.
2.6
Performed standards
The burner package has been certified through following TV standards:
IEC 61508: 2000, Teil3, SIL3 DIN EN 676: 2003 DIN EN 267: 1999 DIN EN 12952-8: 2002 DIN EN 12953-7: 2002 TRN 411: 1997 TRN 412: 1997 DIN EN 746-2: 1997 DIN VDE0116: 1989
- 2-2 -
3 Failsafe function blocks for burner technology

3.1 Overview
3.1.1 Failsafe blocks
All the failsafe blocks burner technology can be found in the libraries catalogue in the Burner_Failsafe_DS_V5_4. The following failsafe blocks are available: F_TIGHTN F_GAS_BU F_IGNTR F_OIL_BU F_AIRD F_OIL_ST F_POS_CH Failsafe function block for gas tightness test control Failsafe function block for gas burner control Failsafe function block for igniter control Failsafe function block for oil burner control Failsafe function block for air damper control Failsafe function block for oil start program control Failsafe function block for position check
Following failsafe block are required additionally: F_TP F_TON F_BO_W Creates a signal for a certain time Delays a rising edge for a certain time Convert 16 data of the data type BOOL into a value of the data type WORD
The timing function blocks and F_BO_W are included in the library Distributed Safety / FApplication blocks.
- 3-1 -
3.1.2
Block I/Os
In the case of fail-safe blocks, some points concerning the block I/Os should be noted:
Note Although the I/Os EN and ENO appear in the FBD/LAD editor, they are neither evaluated nor assigned by the program code of the F block and you must not interconnect or parameterize them.
3.1.3
Block numbers
Block number FB 465 FB 466 FB 467 FB 468 FB 469 FB 471 FB 473 Block name F_IGNTR F_TIGHTN F_GAS_BU F_OIL_BU F_AIRD F_OIL_ST F_POS_CH Block signature 7362 42D1 CE67 C081 C2E9 F212 E394
3.1.4
Installation in Cyclic Interrupt- OBs

Safety note Failsafe blocks can only be called from a cyclic interrupt OB 3x. Insertion in the OB 1 is not allowed. The cycle time for the Cyclic Interrupt OB is parameterized in HW-Config (CPU-Parameter Cyclic Interrupt- Execution)
3.1.5
Use of data blocks
Note All data blocks mentioned in the course of this manual are used arbitrarily. The Failsafe function blocks for burner technology V5.4 can be combined with any data block not allocated yet in the user program.
- 3-2 -
3.2 Failsafe function block gas tightness test (F_TIGHTN)
3.2.1
Introduction
The failsafe function block F_TIGHTN controls the tightness test of the valves of the supply lines in which gaseous fuels are led. To this a gas tightness test is executed whose process is controlled and supervised by the failsafe function block. Before the start of the gas burner a check of the gas tightness must be executed. As long as the gas tightness test isn't successful, the gas burner may not be started.
Note When this block is used, the block F_TON (FB 185) has to be present in the block folder.
- 3-3 -
3.2.2
Mode of operation
Operation of the gas tightness test The pressure sensors P1 and P2 represented in the pictures monitor the printing in the different examining phases . Note
Ventilation valve is current-freely open
Test phase 1:
Test phase 1 of the tightness test Before the gas tightness test is started, both solenoid valves are closed and the ventilation is opened. There is a pressure in height of the air pressure now in the gap of the valves. At the start of the test phase 1 the ventilation valve is closed. The two solenoid valves and the ventilation remain closed during the test period. If the pressure increases by the perhaps leaky first solenoid valve, this is notified of to P1 by the pressure detector.
Test phase 2:
Test phase 2 of the tightness test
- 3-4 -
If the first solenoid valve is thick, you open for a particular time and the ventilation valve close. There is the gas printing between the three solenoid valves now. It is checked now with P2 whether the pressure dismantles him in the gap. If the pressure is reduced, either the security valve, the solenoid valve in front of the writer, or the solenoid valve of the ventilation is leaky. Mode of operation F_TIGHTN The gas tightness test is started by a high signal at the start input ST_TT. During the gas tightness test the function block F_TIGHTN takes the control of the safety valve and the ventilation valve. If the gas tightness test is successful, the control of the valves is taken over by the function block F_GAS_BU. The following picture shows the functionality for driving the valves.
#OPEN_V: #E_FILL: #E_VENT:
OPEN_V from F_GAS_BU E_FILL from F_TIGHTN E_VENT from F_TIGHTN
Note In case a valve is detected not to be tight (low-signal delivered by the corresponding pressure detector) during the test, or if the failure signal FAIL_P is set, the gas tightness test is interrupted and a low value is set at the outputs which drive the valves. As a result, the safety valves close and the ventilation valve opens (this valve is open when not energized).
The failure output FAIL_P will be set if a high signal is set simultaneously and longer than 3sec at both pressure detector inputs. Quit is required in order to reset this failure signal.
- 3-5 -
3.2.3
Time diagram
Optimal signal behavior The optimum case signal behavior for failsafe block F_TIGHTN is pictured in the following time diagram:
1) 2) 3) 4) 5) 6) 7)
ST_TT PMIN PMAX GAS_RUN GAS_OPAT QUIT E_VENT E_FILL V1_NT V2_NT FAIL_P TIGH_OK QUIT_ON T1_PS T_FUEL T2_PS legend: input = 1 input not relevant output = 1
Start tightness test Pressure underneath maximal pressure Pressure above minimal pressure Operating status gas burner Gas burner in operation Failure acknowledgement Activaton of ventilation valve Activation of 1st solenoid valve 1st solenoid valve not tight 2nd solenoid valve not tight Failure in PMIN / PMAX Tightness test successful Quit is active
Description of the optimal signal behavior: 1) - Before the test the gas density is the same as the air pressure (PMAX = 1) in the gap. - Start gas tightness test by pressing start button (with edge at ST_TT). - Ventilation valves get closed (E_VENT=1). - Timer T1_PS starts. - No increase of the pressure (PMAX = 1) within T1_PS, Timer T_FUEL starts. - Main Valve will be opened (E_FILL=1) and fuel is filled into the space between the valves. Filling valve gets closed (E_FILL=0) - Timer T2_PS starts. - is within T2_PS no decrease of pressure (PMIN = 1), Output is set (TIGH_OK=1). - Gas tightness test is finished - Control of the valves will be taken over by the burner function block. - The 1 signal at the TIGH_OK is to moving set with a positive edge at the entrance ST_TT. - TIGH_OK can also be reset by the signal GAS_OPAT.
2)
3)
4)
5)
6)
7)
- 3-6 -
Signal behavior in case of failure The following time diagram shows the signal behavior of the failsafe block F_TIGHTN) in case of failure.
1)
2)
3)
4)
5)
6)
7)
8)
9)
ST_TT PMIN PMAX GAS_RUN GAS_OPAT QUIT E_VENT E_FILL V1_N_T V2_N_T FAIL_P TIGH_OK QUIT_ON
T1_PS T1_PS T_FUEL T2_PS legend: input = 1 input not relevant output = 1 TFAIL_P
Start tightness test Pressure underneath maximal pressure Pressure above minimal pressure Operating status gas burner Gas burner in operation Failure acknowledgement Activaton of ventilation valve Activation of 1st solenoid valve 1st solenoid valve not tight 2nd solenoid valve not tight Failure in PMIN / PMAX Tightness test successful Quit is active
Description of the signal behavior in case of failure: 1) - Start gas tightness test by pressing button (edge at ST_TT), ventilation valve is closed (E_VENT=1) and timer T1_PS starts. - During the test time T1_PS an increase in pressure occurs (PMAX =0), failure V1_N_T is set at the output. - Attempt to restart without quitting the failure: start is not possible. - Start of gas tightness test after quitting the failure (see 3.2.3) - if there is no increase of the pressure (PMAX = 1) within T1_PS, timer T_FUEL starts and the output to drive the safety valve E_FILL is set to 1-signal. after filling time starts T2_PS. - If during test time T2_PS the pressure decreases (PMIN = 0), the fail output V2_N_T is set - Attempt to start the gas tightness test while gas program runs GAS_RUN start is not possible. - The Failure Signal FAIL_P is set if both inputs PMIN and PMAX get a 1 signal simultaneously and longer as the time, which is parameterized in T_FAILP. The pressure is higher than the maximum pressure to P1 and less than the minimal pressure to P2 FAILP at the same time. This failure report has to be quitted.
- 3-7 -
2)
3) 4) 5)
6) 7)
8)
9)
Note To restart the gas tightness test a positive edge at ST_TT is needed to reset the output TIGH_OK and a second positive edge starts the tightness test again.
Signal behavior for failure acknowledgement The following picture shows the signal behavior of failsafe function block F_TIGHTN for possible failure acknowledgement cases. Acknowledgement is only possible with a positive edge in the QUIT signal. The failure messages are carried out even if this signal lines up. If a signal is recognized by the entrance QUIT, it is displayed at exit QUIT_ON.
1) 2) 3)
ST_TT PM IN PM AX GAS_RUN GAS_OPAT QUIT E_VENT E_FILL V1_N_T V2_N_T FAIL_P TIGH_OK QUIT_ON
T1_PS T1_PS T_FUEL legend: input = 1 input not relevant output = 1 T2_PS
Start tightness test Pressure underneath m axim al pressure Pressure above m inim al pressure Operating status gas burner Gas burner in operation Failure acknowledgem ent Activaton of ventilation valve Activation of 1st solenoid valve 1st solenoid valve not tight 2nd solenoid valve not tight Failure in PMIN / PMAX Tightness test successful Quit is active
Description for the signal behavior for failure acknowledgement: 1) - During test time T1_PS is PMAX=0 - Failure signal at output V1_N_T is shown - QUIT is set (QUIT_ON=1) - Fail is not quitted, because no positive edge in QUIT came over. - Fail is quitted by a positive edge in signal QUIT - then start of gas tightness test - gas tightness test is running - During test time T2_PS the pressure decreases (PMIN = 0) - Failure signal at output V2_N_T is shown. - Fault report lasts up to quitting is made.
2)
3)
- 3-8 -
3.2.4
Block I/Os
Inputs F_TIGHTN Name ST_TT Data type BOOL Description Start tightness test The presetting of the connection is set to 0. By Setting the input the gas tightness test starts. The signal does not have to be set permanently because the input is saved. If the test is successful, the saved 1-signal can be reset on the output TIGHT_OK with a positive edge on ST_TT. The gas tightness test cannot be started while the burner (GAS_RUN=1) is running. Pressure underneath maximal pressure The presetting of the connection is set to 0. Here the connection to the operand of the pressure switch is implemented. If a 1-signal is set, the given pressure will not be exceeded. If pressure is too high (exceeding the parameterized value on the pressure switch) or the pressure switch has got an error, the signal will be set to 0. PMAX has to be set to 1 at the beginning Pressure above minimal pressure The presetting of the connection is set to 0. If pressure is not falling (e.g. below the parameterized area) the pressure switch has a 1-signal, otherwise it has a 0-signal. Operating status gas burner As soon as the gas starting program is running, a 1-Signal is set, which prevents the gas tightness tests from switching on. If GAS_RUN gets "1" during the test, the test will be interrupted. Gas burner in operation As soon as the gas burner is running (GAS_OPAT=1), the output parameter "Gas tightness test successful" (TIGHT_OK=1) is set to 0. As soon as the gas burner is running, the 1-signal on GAS_OPAT prevents the gas tightness test from switching on. If GAS_OPAT becomes "1"during the test, the gas tightness test will be interrupted. Failure acknowledgement In case of errors with this input parameter the error message is reset at the output parameters V1_N_T (Valve 1 leak) or V2_N_T (Valve 2 or ventilation leak). Acknowledgement is only possible with positive edge at QUIT and has no effect in standard operation. Testtime of the Check of Tightness of the Safety valve Within the predefined Period of time the gas tightness of the safety valve (Valve 1) is checked. Reference value: 0min < T1_PT < 2min Test time for the check of the tightness of the main valve The gas tightness of the safety valve (valve 1) is checked within the stated period of time. Standard value : 0min < T2_PT < 2min Failuretime Signals PMIN and PMAX may not be set at the same time and longer as TFAIL_P, otherwise there is an error. This error has to be acknowledged.
PMAX
BOOL
PMIN
BOOL
GAS_RUN
BOOL
GAS_OPAT BOOL
QUIT
BOOL
T1_PS
TIME
T2_PS
TIME
TFAIL_P
TIME
- 3-9 -
Name T_FUEL
Data type TIME
Description Filling up time of the Safety valve Within this period of time the space between the valves and the ventilation will is filled with gas. T_FUEL determines how long the valve is open for filling the valve spaces of the fuel feeding pipe. Reference value : 0s < T_FUEL < 3s
Outputs F_TIGHTN Name E_VENT Data type BOOL Description Activation of ventilation valve If a 1-signal is set at the output, the ventilation valve will be closed (currentless opened). Activation of first solenoid valve If a 1-signal is set at the output, the Safety valve (Valve 1) will be opened. (see interconnection picture in chapter. 3.2.2) First solenoid valve not tight Error message in case of leak Safety valve. This message can be reset by input QUIT. Second solenoid valve not tight Error message in case of leak main valve or leak ventilation valve. This message can be reset by input QUIT. Failure in PMIN/ PMAX There will be an error message FAIL_P if a 1-signal is set on PMIN and PMAX at the same time. This message can be reset by input QUIT Tightness test successful Message after successful gas tightness test. Is reset by the input GAS_OPAT or a positive edge at the input ST_TT Quit is active 1-Signal: At Input QUIT a 1-signal is set. 0-Signal: At Input QUIT a 0-signal is set.
E_FILL
BOOL
V1_N_T
BOOL
V2_N_T
BOOL
FAIL_P
BOOL
TIGH_OK
BOOL
QUIT_ON
BOOL
- 3-10 -
3.2.5
Parameter
All inputs with data type BOOL are initially set to 0. All inputs with data type TIME are initially set to T#0ms
Safety note Please note that the parameterized safety times must comply with corresponding safety standards.
- 3-11 -
3.3 Failsafe function block igniter (F_IGNTR)

3.3.1 Introduction
With the failsafe function block F_IGNTR the control of the ignition process for burners will be carried out. The igniter function block controls the activation of the igniter fuel valves for the supply of the igniter fuel and the igniter transformer, which lights the flame by means of the produced sparks. In case of a failure the components controlled by the function block are brought into a safe mode. If the burner is in a stop mode, it is possible to run an ignition test with the failsafe function block. The safety time and the length of time producing sparks for the ignition must be parameterized at the inputs of the block. .
Note When this block is used, the blocks F_TON (FB 185), F_TP (FB184) and F_BO_W (FC176) have to be present in the block folder.
- 3-12 -
3.3.2
Mode of operation
The igniter is started by a 1-signal delivered by the corresponding gas or oil burner failsafe function. The igniter function block is ready to start operation, if all the safety criteria are fulfilled, e. g. the igniter pre interlock and the switching conditions are fulfilled, no other programs are activated and no faults, which have not been quit, should be present. The output signal OPEN_V supplies a 1-signal and drives the igniter fuel valves open. Within the parameterized safety time the igniter transformer is controlled through impulses coming from the output TRANSF (impulse sequence TIME2). At the input IGN_OP a 1-signal from the igniter flame detector should be received. In this case, the output IGN_OPAT supplies a 1- signal (igniter is in operation), otherwise a failure report will be set at the output DISRUP, which interrupts the ignition. With the command QUIT the failure signal can be reset and the ignition can be restarted. In certain cases a second igniting process is allowed. It is to be understood, that the second igniting process immediately follows on the first one. To guarantee this, a maximum time should be defined for the ignition. A restriction can be reached on the igniting pre-speed duration by means of a run time-out circuit. This is a wiring, which makes sure, that during the ignition the utmost possible complete igniting duration isn't exceeded. This restriction isn't contained in the constituent and therefore must be created if more than an igniting test shall be carried out without bubbling. For this the appropriate standards have, however, to be consulted. With the constituent F_IGNTR the signal also can be supervised by the pilot flame monitor. If the igniter is turned off, the signal of "IGN_OP" (signal of the pilot flame monitor) is reset also within the parameterized time "PFSF_Time" ("Pilot Flame Sensor Failure Time"), otherwise the diagnosis bit 13 is set. This indicates that the igniter flame guardian delivers a wrong signal. As long as this fault still lines up, the igniter cannot be started again. It is also possible to turn this function off e.g. because the signal IGN_OP is delivered by a flame guardian which also supervises the main flame. In this case IGN_OP is also "1" if the igniter is turned off. To avoid a failure report, the entrance "PFSF_MODE" can be put "on 1", in this case IGN_OP isn't supervised.
- 3-13 -
3.3.3
Time diagram
Optimal signal behavior The optimal signal behavior for failsafe function block F_IGNTR is shown in the following picture.
1) 2) 3) 4) 5) 6) 7) 8) 9)
IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN RUN_TFAIL BU_OP PFSF_MODE IGN_READ IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP QUIT_ON DIAG 00 00 TIME2 TIME1 legend: input = 1 input net relevant output = 1 00 00 00 00 00 00 00 800 800 00 TIME2 TIME1
Start igniter Start igniter test Stop igniter test Failure acknowledgement Igniter pre interlock fulfilled Switching conditions fulfilled Igniter in operation, flame present Other programs running Run time exceeded Burner in operation Supervision mode pilot flame sensor Igniter ready Igniter test in operation Igniter activated Opening igniter valves Activating igniter transformer Igniter in operation after safety margin Disruption Quit is active Diagnosis word (hexadecimal)
Description of the optimal signal behavior: 1) - igniter pre interlock fulfilled (INT_FLUF=1) - igniter is ready (IGN_READ=1)
2)
- switching conditions are fulfilled (SW_COND=1), - start igniter (IGN_ON=1, permanent signal from failsafe igniter block) - report igniter is activated (IGN_ENGD=1) - igniter gas valves were opened (OPEN_V=1) - timer TIME1 for ignition security time starts, - timer TIME1 for ignition transformer starts, - ignition transformer is activated with impulses (TRANSF=1)
- time TIME2 has ended, - ignition transformer is not activated any more (TRANSF=0) - IGN_OP=1: flame detector reports an ignition flame
- 3-14 -
3)
4)
5) 6)
- after end of TIME1 and IGN_OP is applied one gets the report at output IGN_OPAT - switching off igniter (IGN_ON=0) - igniter is no more activated (IGN_ENGD=0) - igniter gas valves are closed (OPEN_V=0) - ignition flame is extinguished (IGN_OP=0) - report at output IGN_OPAT is reset - test start order was applied, but reset (DIAG 800h) - if IGN_ON is reset for ignition, ignition is interrupted.
7)
8) 9)
Optimal signal behavior igniter test The optimal signal behavior for failsafe function block F_IGNTR is shown in the following picture for the test case.
1) 2) 3) 4) 5) 6) 7)
IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN RUN_TFAIL BU_OP PFSF_MODE IGN_READ IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP QUIT_ON DIAG 00 00 00 00 00 00 00 00 00 00
TIME2 TIME1 legend: input = 1 input not relevant output = 1
- 3-15 -
Description of optimal signal behavior igniter test 1) - switching conditions and igniter pre interlock are fulfilled (SW_COND=1, INT_FLUF=1) - start of igniter test (positive pulse signal at input IGNT_ON) - report igniter is activated (IGN_ENGD=1) - igniter gas valves are opened (OPEN_V=1) - timers TIME1 and TIME2 start - ignition transformer is activated with pulses (TRANSF=1) - TIME2 run down, - ignition transformer is no longer activated (TRANSF=0) - IGN_OP=1: flame detector reports an ignition flame - at the end of TIME1 an with IGN_OP applied one gets the report at output IGN_OPAT - with IGN_ON change to standard operation switching off igniter (IGN_ON=0) - igniter is no longer activated (IGN_ENGD=0) - igniter gas valves are closed (OPEN_V=0) ignition flame is extinguished (IGN_OP=0) - report at output IGN_OPAT is reset
2)
3) 4)
5) 6)
7)
- 3-16 -
Signal behaviour in case of failure The next pictures show the signal behavior of the failsafe function block igniter (F_IGNTR) for possible error cases. Ignition flame failure
1) 2) 3) 4) 5)
IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN RUN_TFAIL BU_OP PFSF_MODE IGN_READ IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP QUIT_ON DIAG 00 00 00 TIME2 TIME1 legend: input = 1 input not relevant output = 1 00 4040 00 00 00 00 TIME2 TIME1 00 4040 00
Description of the signal behavior in case of failure: 1) no ignition flame is detected after time TIME1 has run out (IGN_OP=0), ignition process is interrupted. - at output DISRUP an ignition error is reported quit of the ignition error (QUIT=1) - report of the ignition error disappears (DISRUP=0) - igniter is ready (IGN_READ) with a positive edge at IGNT_ON, starts the igniter test. - igniter is activated (IGN_ENGD=1) - Valves are activated (OPEN_V=1) - ignition transformer is activated (TRANSF=1) - TIME1 and TIME2 start - after time TIME1 has run out exists no ignition flame - at output DISRUP gets the report of an ignition error - ignition process is interrupted.
2)
3)
4)
quitting of ignition error - DISRUP is reset Failure in the switching conditions or the interlock
SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology - 3-17 -
5)
1)
2)
3)
4)
5)
IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN RUN_TFAIL BU_OP PFSF_MODE IGN_READ IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP QUIT_ON DIAG 00 00 01 01 00 00 00 00 01 00 00 00 00 01 01 00 00 00 00 01 01 00 00
legend:
input = 1 input not relevant output = 1
Description of signal behavior at failures in the switching conditions or the interlock: 1) - igniter pre interlock is during ignition operation no more fulfilled (INT_FLUF=0, igniter is not yet in operation) - ignition is stop. - failure report at output DISRUP - switching conditions are during ignition operation no more fulfilled (SW_COND=0, igniter is not yet in operation) - ignition is stop. - failure report at output DISRUP - igniter is in operation (IGN_ON=1) - igniter pre interlock is no more fulfilled (INT_FLUF=0) - ignition is stop. - failure report at output DISRUP - igniter is in operation (IGN_ON=1) - switching conditions are no more fulfilled (SW_COND=0), ignition is stop. - failure report at output DISRUP all ignition errors have to be quit.
2)
3)
4)
5)
- 3-18 -
Diagnosis PFSF Mode

1) 2) 3) 4) 5) 6)
IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN RUN_TFAIL BU_OP PFSF_MODE IGN_READ IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP QUIT_ON DIAG 00 00 PSFS_Time legend: input = 1 input not relevant output = 1 2000 2000 2000 2000 2000 00 00 00
PFSF_MODE active (PFSF_MODE=0) 1) igniter is not in operation (IGN_OPAT= 0), but an ignition flame is reported at input IGN_OP. - timer PFSF_Time for control is started. after time PFSF_Time applies still GN_OP=1, an ignition flame failure is shown in diagnosis word DIAG (DIAG=2000) igniter can not be started again , because ignition flame detector failure applies (DIAG=2000 ) - igniter test can also not be started , because ignition flame detector failure applies (DIAG=2000) with quitting the failure is deleted in diagnosis word, igniter can be started again (IGN_READ=1).
2)
3)
4)
5)
PFSF_MODE de active (PFSF_MODE=1) 6) - igniter is not in operation (IGN_OPAT= 0), but an ignition flame is reported at input IGN_OP. - ignition flame control is de active (PFSF_MODE=1) - timer PFSF_Time for control is not started.
- 3-19 -
3.3.4
Block I/Os
Inputs F_IGNTR Name IGN_ON Data type BOOL Description Start igniter The incoming 1-signal of the gas- or oil burner block effects a switching on of the igniter and in connection with other inputs the activation of the Ignition valves. A running ignition test would be interrupted. Start igniter test With a 1-Signal the ignition test is started. The manual input is saved and e.g. at switching off the Ignition test is reset. Note: IGNT_ON has to be operated with a single-channel pushbutton. (Please use an N/O contact for the IGNT_ON parameter) Stop igniter test Here the ignition test is finished by manual Input. Note: IGNT_OFF has to be operated with a single-channel pushbutton. (Please use an N/C contact for the IGNT_OFF parameter) Failure acknowledgement If there is an ignition error, the set 1-Signal at the output DISRUP will be reset. The acknowledgement is only possible by positive edge at QUIT and has no effect in standard operation. Igniter pre interlock fulfilled All conditions which have to be fulfilled for a safe function of the igniter are logically connected in the forefield and set on this Input. (e. g. vessel is preventilated, necessary gas pressure of the ignition fuel is set) 1-signal = igniter and ignition test can be started 0-signal = interlock not fulfilled, igniter start is not possible Switching conditions fulfilled Ignition of the fuel will only be started if a 1-signal is set on this input. Emergency stop signal, vessel preventilated Igniter in operation, flame present Input of the ignition flame detector. IGN_OP=0: no ignition flame IGN_OP=1: existing ignition flame Other programs running As long as a 1-signal is set here, i. e. other programs are running, the ignition test cannot be executed. If several programs are considered, they will be connected with an OR-operation to the input. Run time exceeded Input for the supervision of run time. (s.3.3.2) Burner in operation If a "1" is set on this input, the ignition test will not be executed. This input serves as safety so that the ignition test cannot be started inadvertently during the igniter operation.
IGNT_ON
BOOL
IGNT_OFF
BOOL
QUIT
BOOL
INT_FLUF
BOOL
SW_COND
BOOL
IGN_OP
BOOL
PRG_RUN
BOOL
RUN_TFAIL BU_OP
BOOL BOOL
- 3-20 -
Name
Data type
Description Supervision mode pilot flame sensor The value at the input PFSF_MODE switches on or off the supervision of the ignition flame detector. If PFSF_MODE=0, the ignition flame detector will be controlled, i. e. there will be an error message if the igniter is not in operation, but if a flame is messaged longer than the time PFSF_TIME. (IGN_OPAT=0 and IGN_OP=1) The ignition flame detector error is shown in the diagnosis word with the value 2000 (HEX) and has to be acknowledged before the igniter can be started once again. If PFSF_MODE=1, this function will be deactivated. Default value = 0 Safety time pilot burner If all safety conditions for the ignition process are fulfilled, the igniter will be started within the safety time. Standard value : 0s < TIME1 < 30s Time for drive pulse ignition transformer Time of the duration of the ignition impulse (Impulse-Timer) Standard value : 0s < TIME2 < 30s Supervising time for the ignition flame detector If PFSF_MODE=0, and the igniter is not running, the input must be IGN_OP "0", before the timer PFSF_Time has passed off.
PFSF_MODE BOOL
TIME1
TIME
TIME2
TIME
PFSF_Time
TIME
Outputs F_IGNTR Name IGN_READ Data type BOOL Description Igniter ready Message if the igniter is ready: 1-signal = ready 0-signal = igniter not ready. IGN_READ only becomes "1", if no ignition errors are shown and the igniter pre interlock is fulfilled. Igniter test in operation Messages that the ignition test is active if a 1-signal is set at the output. Igniter activated If the igniter pre interlock and the switching conditions (INT_FLUF=1 and SW_COND=1) are fulfilled, the ignition process starts with IGN_ON or IGNT_ON. IGN_ENGD can be used to activate the igniter. ING_ENGD is "1" if the igniter is in test mode or in standard operation. Opening igniter valves 1-Signal: valves of ignition gas are opened 0-Signal: valves of ignition gas are closed Activating igniter transformer 1-Signal: ignition transformer is activated 0-Signal: ignition transformer remains off
IGN_TEST
BOOL
IGN_ENGD
BOOL
OPEN_V
BOOL
TRANSF
BOOL
- 3-21 -
Name IGN_OPAT
Data type BOOL
Description Igniter in operation after safety margin 1-signal is set if the igniter has started within the safety time and if it is running after the safety time. A 0-Signal is set if the igniter is not running. This output of the F_IGNTR block forwards the information to the gas burner- and/or oil burner block. As long as the igniter is not running, there is no 1-Signal and therefore it is not possible to start the F_GAS_BU or F_OIL_BU. Disruption This signal is a feedback signal for the function block as well as an error message. 1-signal: error in the ignition process 0-signal: no failure in the ignition process Quit is active 1-signal: a 1-signal is set at input QUIT. 0-signal: a 0-signal is set at input QUIT. Diagnosis word (hexadecimal) This output displays information on the status and errors of blocks. (see table "Diagnosis F_IGNTR" )
DISRUP
BOOL
QUIT_ON
BOOL
DIAG
WORD
Diagnosis F_IGNTR Bit Nr. 0 Description Starting command (IGN_ON) or test starting command (IGNT_ON) is set while the igniter pre interlock is inactive (INT_FLUF=0) Starting command (IGN_ON) or test start command (IGNT_ON) is set while run time is exceeded (RUN_TFAIL=1) Starting command (IGN_ON) or test start command (IGNT_ON) is set during Igniter is faulty (DISRUP=1). Reserve Switching conditions not fulfilled (SW_COND=0) Reserve Signal of the ignition flame detector is missing (IGN_OP=0) Reserve IGNT_ON is set while PRG_RUN is active Remark This message is reset if: - INT_FLUF=1 is (DISRUP=0) - after a positive edge at QUIT (DISRUP=1) This message is reset if: - RUN_TFAIL=0 - a positive edge at QUIT is set (DISRUP=1) This message is reset after a positive edge on QUIT
3 4 5 6 7 8
This message is reset after a positive edge on QUIT This message is reset after a positive edge at QUIT This message will be reset if: - PRG_RUN=0 - a positive edge at QUIT is set. This message will be reset if: - IGNT_OFF is not active (IGNT_OFF=1) - a positive edge at QUIT is set. This message will be reset if: - BU_OP=0 - a positive edge at QUIT is set This message will be reset if: - IGN_ON=0 - a positive edge at QUIT is set
10
11
12
IGNT_ON is active while IGNT_OFF is active (IGNT_OFF=0). This means the desired test start process must not be carried out. Test starting command (IGNT_ON) is active while the igniter is running (BU_OP=1) Test starting command (IGNT_ON) is active while the igniter is activated (IGN_ON=1) Reserve
- 3-22 -
Bit Nr. 13
Description The ignition flame detector gives a signal (IGN_OP=1), although the igniter is not activated (IGN_ENGD=0) Supervising time of the ignition process is exceeded Reserve
Remark This message is reset after a positive edge at QUIT This message is reset after a positive edge at QUIT
14 15
- 3-23 -
3.3.5
Parameter
Allowed safety times for blowpipes burner type maximal (kW) Heating power of firing maximal in sec at startup pilot burner <= 5 % Of the maximal 10 Heating power of firing the Main burners 5
3)
Safety
time
in Operation -
> 5 % <= 8 % >8%
as for the Main burners
Table: Allowed safety times according to TRD 412
- 3-24 -
3.4 Failsafe function block air damper control (F_AIRD)

3.4.1 Introduction
The failsafe function block F_AIRD carries out the control of the air supply in the air dampers. Additionally it provides the possibility to keep the air dampers in a defined ignition position.
Note When this block is used, the block F_TON (FB 185) has to be present in the block folder
- 3-25 -
3.4.2
Mode of operation
On activation of the input OPEN_AD resp. CLOSE_AD, the outputs OPEN_1 and OPEN_2 resp. CLOSE_1 and CLOSE_2 will deliver a 1-signal, for opening resp. closing the air dampers. The inputs are interlocked, i.e. if a 1-signal is applied to both inputs no reaction will take place at the outputs. However, if there is a 1-signal delivered to one input a reaction is to be expected at the corresponding output (as described above). If the air damper gets open (signal AD_OPEN=1) or closed (signal AD_CLOSED=1) within the parameterized time T2_OPEN or T1_CLOSE, the outputs OPEN_1and CLOSE_1 are reset. The outputs OPEN_2 and CLOSE_2 stay set as long as the corresponding input (OPEN_AD or CLOSE_AD) stays set. If the air damper is not opened (signal AD_OPEN=1) or closed (signal AD_CLOSED=1) within the parameterized time T2_OPEN or T1_CLOSE, a 1-signal is continuously delivered to output FAIL_ADO or FAIL_ADC indicating an error at the air damper This error signal is reset by a positive edge at input QUIT. The error signal FAIL_POS is set if there is a 0-signal at input AD_IGNPOS and a 1-signal simultaneously at AD_OPEN and AD_CLOSED Quitting is necessary for this report. With a 1-signal at input AD_IGNPOS, the air dampers are brought into ignition position. The output OPEN_1 is set if the air damper has a position under the defined maximum but not over the defined minimum (AD_MAX=1 and AD_MIN=0). Otherwise, the position of the air damper is over the defined maximum and over the defined minimum (AD_MAX=0 and AD_MIN=1), the CLOSE_1 command will be set. The error signal FAIL_POS is set if a 1-signal is supplied to input AD_IGNPOS and a 0-signal is simultaneously applied to both inputs AD_MIN and AD_MAX or if a 0-signal is applied to input AD_IGNPOS and a 1-signal to both AD_CLOSED and AD_OPEN simultaneously. Quitting is necessary in both cases. When input AD_IGNPOS is set the inputs OPEN_AD and CLOSE_AD will cause no reaction at the outputs OPEN_1 and CLOSE_1.
- 3-26 -
3.4.3
Time diagram
Optimal signal behavior The optimal signal behavior for the failsafe function block F_AIRD is shown in the following picture.
1) 2) 3) 4) 5)
CLOSE_AD AD_IGNPOS OPEN_AD AD_CLOSED AD_MAX AD_MIN AD_OPEN QUIT CLOSE_1 CLOSE_2 OPEN_1 OPEN_2 FAIL_ADC FAIL_ADO FAIL_POS QUIT_ON AD_IGNPOS_OK T1_CLOSE legend: input = 1 input not relevant output = 1 T2_OPEN
Close air damper Drive air damper into igniting position Open air damper Air damper closed Air damper underneath the maximal ignition position Air damper above the minimal ignition position Air damper opened Failure acknowledgement Air damper closing command 1 Air damper closing command 2 Air damper opening command 1 Air damper opening command 2 Failure during closing Failure during opening Failure AD_MIN/ AD_MAX or AD_OPEN/ AD_CLOSED Quit is active Ignition position reached
Description of the optimal signal behavior: 1) - command close air damper (CLOSE_AD=1) - air damper is closed (CLOSE_1=1, CLOSE_2=1) - timer T1_CLOSE starts - air damper is closed, within T1_CLOSE, - output CLOSE_1 is reset, CLOSE_2 is still reset (up to CLOSE_AD=0) - command open air damper (OPEN_AD=1) - air damper is opened (OPEN_1=1, OPEN_2=1) - timer T2_OPEN starts - air damper opened, within T2_OPEN - output OPEN_1 is reset, OPEN_2 is still reset (up to OPEN_AD=0) - the inputs CLOSE_AD and OPEN_AD are interlocked, i.e. if a 1-signal is applied to both inputs no reaction will take place at the outputs
2)
3)
4)
5)
- 3-27 -
Signal behavior for ignition position of air dampers The next picture shows the signal behavior of the failsafe function block F_AIRD for ignition position of the air dampers.
1)
CLOSE_AD AD_IGNPOS OPEN_AD AD_CLOSED AD_MAX AD_MIN AD_OPEN QUIT CLOSE_1 CLOSE_2 OPEN_1 OPEN_2 FAIL_ADC FAIL_ADO FAIL_POS QUIT_ON AD_IGNPOS_OK
2)
3)
4)
5)
legend:
Description for signal behavior ignition position of air dampers: 1) - command "to bring air damper in ignition position" is on (AD_IGNPOS=1) - air damper is over the maximum (AD_MAX=0), air damper will be closed 2) air damper is bellow the maximum (AD_MAX=1) and over the minimum (AD_MIN=1) - air damper in ignition position (AD_IGNPOS_OK=1) 3) 4) air damper is bellow the minimum (AD_MIN=0), air damper will be opened - air damper is bellow the maximum (AD_MAX=1) and over the minimum (AD_MIN=1) - air damper in ignition position (AD_IGNPOS_OK=1) 5) - " air damper in ignition position " is no longer on (AD_IGNPOS=0) - AD_IGNPOS_OK=0
- 3-28 -
Signal behavior in case of failure Signal behavior of the failsafe function block F_AIRD (air damper control) for possible cases of failure is shown in the following picture.
1) 2) 3) 4) 5) 6) 7) 8) 9) 10)
CLOSE_AD AD_IGNPOS OPEN_AD AD_CLOSED AD_MAX AD_MIN AD_OPEN QUIT CLOSE_1 CLOSE_2 OPEN_1 OPEN_2 FAIL_ADC FAIL_ADO FAIL_POS QUIT_ON AD_IGNPOS_OK
T1_CLOSE legend: input = 1 input not relevant output = 1
T2_OPEN
Description for signal behavior in case of failure: 1) - Command Air damper close (CLOSE_AD=1) - Air damper is closed (CLOSE_1=1, CLOSE_2=1) - Timer T1_CLOSE starts 2) - Air damper within of T1_CLOSE not closed (AD_CLOSED=0), - Failure signal at output FAIL_ADC - Command "Air damper close" is reset 3) - Failure quitting (QUIT=1), QUIT_ON is set as long as quitting is on - Failure signal is reset (FAIL_ADC=0) 4) - Command Air damper open - Air damper is opened, timer T2_OPEN starts 5) - Air damper within of T2_OPEN not opened (AD_OPEN=0) - Failure signal at output FAIL_ADO - The Command "Air damper open" is reset
- 3-29 -
6) 7)
- Failure quitting (see point 2) - Failure report FAIL_POS is on, if at input AD_IGNPOS a 0 signal and at AD_CLOSED or AD_OPEN at same time a 1 Signal is on.
8) 9)
- Failure quitting (see point 2) - The Failure report FAIL_POS is on, if at input AD_IGNPOS a 1 Signal and at AD_MIN and AD_MAX at same time a 1 Signal is on.
10)
- Failure quitting
- 3-30 -
3.4.4
Block I/Os
Inputs F_AIRD Name CLOSE_AD Data type BOOL Description Close air damper If AD_IGNPOS and OPEN_AD=0 without any errors, the outputs CLOSE_1 and CLOSE_2 are set on this input in case of a 1-signal. Drive air damper into igniton position If the air dampers are to be run in ignition position, a 1-signal should be set on this input. After that a check takes place, if the air damper is between the minimum and maximum range required for the ignition. If AD_IGNPOS is active, the inputs CLOSE_AD and OPEN_AD have no effect. The outputs CLOSE_1 and OPEN_1 control the air damper to keep it between the minimum and maximum position. Open Air damper If AD_IGNPOS and CLOSE_AD are zero without any errors, the outputs OPEN_1 and OPEN_2 are set on this input in case of a 1-signal. Air damper closed Message from the position sensor: 1-Signal = the air damper is closed 0-Signal = the air damper is not closed Air damper opened Message from the position sensor: 1-Signal = the air damper is opened 0-Signal = the air damper is not opened Air damper underneath the maximal ignition position Message from the position sensor: 1-signal = air damper is below the installed value of the maximum ignition position 0-signal = air damper is above the installed value of the maximum ignition position If: AD_MAX and AD_MIN are active, the position of the air damper is between the minimum and maximum range (output AD_IGNPOS_OK is set). AD_MAX=0 and AD_MIN=1, the air damper has to be closed (output CLOSE_1 is set). AD_MAX=1and AD_MIN=0, the air damper has to be opened (output OPEN_1 is set). AD_MAX=0 and AD_MIN=0, the position information of the sensors is wrong. (output FAIL_POS is set) AD_MIN BOOL Air damper above the minimal ignition position Message of the position sensor: 1-signal = the air damper is above the installed value of the minimum ignition position 0-signal = air damper is below the installed value of the minimum ignition position (see description for AD_MAX)
AD_IGNPOS
BOOL
OPEN_AD
BOOL
AD_CLOSED
BOOL
AD_OPEN
BOOL
AD_MAX
BOOL
- 3-31 -
Name QUIT
Data type BOOL
Description Failure acknowledgement A set error signal on the outputs FAIL_ADC, FAIL_ADO or FAIL_POS can be reset with a positive edge. The acknowledgment takes place by a positive edge on QUIT and has no effect on standard operation. Time to close air damper Within this time the air damper has to be closed, otherwise there is an error signal at the output FAIL_ADC. Standard value: 0min < T1_CLOSE < 10min Time to open the air damper Within this time the air damper has to be opened, otherwise a failure signal is set at the output FAIL_ADO. Standard value: 0min < T2_OPEN < 10min
T1_CLOSE
TIME
T2_OPEN
TIME
Outputs F_AIRD Name CLOSE_1 Data type BOOL Description Air damper closing command 1 Activation signal for closing the air damper; 1-signal = close air damper This output is set if there is no error: AD_IGNPOS=0, OPEN_AD=0 and CLOSE_AD=1 are. In this case he is reset if the air damper is closed ( Input AD_CLOSED=1) or: AD_IGNPOS=1 and AD_MAX=0 and AD_MIN=1 In this case it is reset if the air damper is in the right position (AD_MAX=1 and AD_MIN=1) Air damper closing command 2 Activation signal for closing the air damper; 1-Signal = close air damper This output is set if there are no errors, AD_IGNPOS=0 and OPEN_AD=0 This output is independent of AD_CLOSED and is reset if the command "air damper close" does not exist any more. (input CLOSE_AD=0) Air damper opening command 1 Activating signal for opening the air dampers; 1-signal = air damper open This output is set if there are no errors: AD_IGNPOS=0, CLOSE_AD=0 and OPEN_AD=1 In this case the output is reset if the air damper is opened ( input AD_OPEN=1) or: AD_IGNPOS=1 and AD_MAX=1 and AD_MIN=0 In this case the output is reset if the air damper is in the right position (AD_MAX=1 and AD_MIN=1) Air damper opening command 2 Activating signal for opening the air damper; 1-Signal = air damper open This output is set if there are no errors, AD_IGNPOS=0 and CLOSE_AD=0 This output is independent of AD_OPEN and is reset if the command "air damper open" does not exist anymore. (Input OPEN_AD=0)
- 3-32 -
CLOSE_2
BOOL
OPEN_1
BOOL
OPEN_2
BOOL
Name FAIL_ADC
Data type BOOL
Description Failure during closing 1-signal = error when closing the air damper i. e. the air damper could not be closed in the parameterized time (T1_CLOSE ) 0-signal = there is no error. The failure has to be reset with a positive edge at input QUIT to continue operating the function F_AIRD. Failure during opening 1-Signal = there is an error at the opening of the air damper i. e. the air damper could not be opened in the parameterized time (T2_OPEN). 0-Signal = there is no error. The error has to be reset with a positive edge at input QUIT to continue operating the function F_AIRD. Failure AD_MIN/ AD_MAX or AD_OPEN/ AD_CLOSED The error message FAIL_POS is set if 0 is set on the input AD_IGNPOS as well as on AD_MIN and AD_MAX at the same time or if 0 is set on AD_IGNPOS while 1 is set on AD_OPEN and AD_CLOSED. The error has to be reset on the input QUIT to continue operating the function F_AIRD. Quit is active 1-signal: on input QUIT a 1-signal is set. 0-signal: on input QUIT a 0-signal is set. Ignition position reached This output is set if the function "air damper in ignition position drive" is active (AD_IGNPOS=1) and the air damper in the right position.
FAIL_ADO
BOOL
FAIL_POS
BOOL
QUIT_ON
BOOL
AD_IGNPOS_ OK
BOOL
- 3-33 -
3.4.5
Parameter
- 3-34 -
3.5 Failsafe function block oil burner (F_OIL_BU)

3.5.1 Introduction
The failsafe function block F_OIL_BU is used for the control of oil burners in fuel technology. The following functions are carried out by this block: Supervision of the cleaning of the fuel residue nozzle Activation of the oil valves Triggering of the igniter block to start ignition Supervision of the safe function of the function block at the Inputs of the switch on, start up and operation interlock. Therefore it is possible, to insure in every state of process optimal safety of the function.
Note When this block is used, the blocks F_TON (FB 185) and F_BO_W (FC176) have to be present in the block folder.
- 3-35 -
3.5.2
Mode of operation
The operation of the failsafe block F_OIL_BU starts with a positive edge at the input STA_OBU. For this, the preconditions for the switch-on pre-interlock (SW_INTL=1) and the start-up pre-interlock (ST_INTRL) have to be fulfilled. In the single operation mode, the burner cannot start up if the main flame detector indicates that a flame is available (OILFIRE=1). In multi-operation mode (BU_OP=1), the oil start-up program starts even if a flame is in the boiler. This is indicated by a 1signal at the output OIL_RUN. In single operation mode of the burner, the fuel valves and the air dampers should be in the ignition position (V_IGNPOS and AD_IGNPOS=1). Subsequently, the igniter is activated via the IGN_ON. If a 1-signal is set at the input OILFIRE (flame in the boiler) and BU_OP (other oil burner already in operation), no positive signals at V_IGNPOS and AD_IGNPOS are necessary for the igniter to start up. In both cases, the air and oil criteria (e.g. oil pressure valid) have to be fulfilled (AIRFL_OK=1 and OIL_OK=1) in order to be able to activate the igniter function block. If all these conditions are fulfilled, the output OPEN_STV (activation of the atomizer vapour valve) is set to "1". When the atomizer valve is open, a positive signal is applied to input STV_OPEN and the timer T1_VDZ (time for draining the atomizer vapour) starts. At the end of the parameterized time, the igniter block is activated (output IGN_ON=1). If the fuel is successfully ignited, a positive signal is applied to the input PROTEC (operation interlock). This input is used for all conditions which are necessary to be fulfilled for the safe operation of the oil burner. If safety failures do not occur (PROTEC=1) during the safety time T2_ZSI, the output OIL_OPAT us set to "1". The operation of the burner can be interrupted at any time by a positive edge at the input STO_GBU. If the burner has been cleaned (input E_CLEAN=1), T3_LSI is used as the safety time. T3_LSI includes the filling and safety time. During operation, all the operation interlocks, the air and gas criteria have to be fulfilled and the flame must be available (i.e. a "1"signal must be set at the inputs PROTEC, AIRFL_OK, OIL_OK and OILFIRE). The operation is interrupted by a 0-signal at the input of the operation interlock (PROTEC), the oil criteria (OIL_OK), the air criteria (AIRFL_OK) or the input of the main flame. In this case, the output PROTEC_F is set. It must be reset before the next start-up by a positive edge at input QUIT. The block F_OIL_BU is therefore used for monitoring the signal from the main flame detector. If the burner is switched off, the signal "OILFIRE" (signal from the main flame detector) must be reset therefore within the parameterized time: "MFSF_Time" ("Main Flame Sensor Failure Time"). Otherwise, the diagnosis bit 13 will be set.
- 3-36 -
3.5.3
Time diagram
Optimal signal behavior in single operation mode The optimal signal behavior of the failsafe function blocks F_OIL_BU is shown in the following picture.
Case 1:
1) 2) 3) 4) 5) 6) 7)
Case 2:
1) 2) 3) 4) 5) 6) 7)
SW_INTL ST_INTRL PROTEC STA_OBU STO_OBU V_IGNPOS OILFIRE OIL_OK STV_OPEN CSTV_CLO AD_IGNPOS AIRFL_OK IGN_OP BU_OP E_CLEAN QUIT OIL_RUN OPEN_STV IGN_ON OPEN_OV OIL_OPAT GCLEAN PROTEC_F DIAG 00 200 00 T1_VDZ T2_ZSI legend: input = 1 input not relevant output = 1 800 00 00 00 00 00 00 200 00 T1_VDZ T3_LSI 800 00 00 00 00
Switch on interlock Start up interlock Operation interlock Start oil burner Stop oil burner Valve in ignition position Fire in boiler Oil criteria fulfilled Atomizer valve open Cleaning valve closed Air damper in ignition position Air criteria fulfilled Igniter in operation Another burner in operation Cleaning program finished Failure acknowledgement Cleaning program running Opening atomizer valve Activating igniter Opening oil valve Oil burner in operation after safety margin Oil lance blown out Failure Diagnosis word (hexadecimal)
Description for optimal signal behavior: Case 1: There is no filling time required for the oil lance 1) - interlock SW_INTL and ST_INTRL fulfilled - valves and air dampers are in ignition position (V_IGNPOS=1 and AD_IGNPOS=1) - oil lance is run in, oil- and air criteria are fulfilled (OIL_OK=1 and AIRFL_OK=1) - start of the oil burners by edge at input STA_OBU the atomization valve is opened (STV_OPEN=1) and the timer for the draining starts after running out of timer the igniter is activated (IGN_ON=1)
2) 3)
- 3-37 -
4)
- Igniter is in operation (IGN_OP=1) and the steam blow-out valve is closed (CSTV_CLO=1) - the valves are opened (OPEN_OV=1), the safety time T2_ZSI is started - within the safety time all conditions for safe operation are fulfilled (PROTEC=1) and the flame exists (OILFIRE=1) - report OIL_OPAT is given after running up safety time - stopping by stop command at input STO_OBU
5)
6) 7)
Case 2: In this case, after the cleaning, the safety time T3_LSI is used as safety time for the oil burner. T3_LSI includes the safety time and the filling time for the oil lance. 1) - interlock SW_INTL and ST_INTRL fulfilled - valves and air dampers are in ignition position (V_IGNPOS=1 and AD_IGNPOS=1)) - oil lance is run in, oil- and air criteria are fulfilled (OIL_OK=1 and AIRFL_OK=1) - start of the oil burners by edge at input STA_OBU. - cleaning program ended (E_CLEAN=1) - output "oil lance blown out" is set (GCLEAN=1) - the atomizer valve is opened (STV_OPEN=1) and the timer for the draining starts - after running out of timer the igniter is activated (IGN_ON=1) - the igniter is in process (IGN_OP=1) and the steam blow-out valve is closed (CSTV_CLO=1) - the valves are opened (OPEN_OV=1), the safety time T3_LSI is started - within the safety time all conditions for safe operation are fulfilled (PROTEC=1) and the flame exists (OILFIRE=1) - report OIL_OPAT is given after running up safety time. - GCLEAN is reset - stopping by stop command at input STO_OBU
2) 3) 4)
5)
6)
7)
- 3-38 -
Optimal signal behavior in multi burner operation In the next picture the following case is shown: Several burners are operated in one combustor, the first burner is controlled as it is in single operation, for the second and all the rest, a flame is already available in the boiler (OILFIRE=1). Therefore for these burners the inputs V_IGNPOS and AD_IGNPOS have not to be set. The signal behavior is as follows:
1) 2) 3) 4) 5) 6) 7)
SW_INTL ST_INTRL PROTEC STA_OBU STO_OBU V_IGNPOS OILFIRE OIL_OK STV_OPEN CSTV_CLO AD_IGNPOS AIRFL_OK IGN_OP BU_OP E_CLEAN QUIT OIL_RUN OPEN_STV IGN_ON OPEN_OV OIL_OPAT GCLEAN PROTEC_F DIAG 00 200 00 T1_VDZ T2_ZSI legend: input = 1 input not relevant output = 1 800 00 00 00 00
Description for optimal signal behavior in multi-burner operation: 1) - interlock SW_INTL and ST_INTRL fulfilled - other burner in operation (BU_OP=1) - flame is available in the combustor (OILFIRE=1) - oil lance is run in and oil and air criteria are fulfilled (OIL_OK=1, AIRFL_OK=1) - start of oil burner by edge at input STA_OBU - the atomizer valve is open (STV_OPEN=1) and the timer for draining starts
- 3-39 -
2)
3) 4)
- on expiration of the timer the igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) and the steam blow-out valve is closed (CSTV_CLO=1) - valves are opened, the safety time T2_ZSI starts - within the safety time, all conditions for safe operation are fulfilled (PROTEC=1) and the flame is available (OILFIRE=1) the message OIL_OPAT is indicated on expiration of the safety time interruption by stop command at input STO_OBU
5)
6) 7)
Signal behavior in case of failure The following picture shows the signal behavior of the failsafe function block F_OIL_BU for possible failures.
Case 1:
1) 2) 3) 4) 5) 6) 7)
Case 2:
1) 2) 3) 4) 5) 6) 7) 8)
SW_INTL ST_INTRL PROTEC STA_OBU STO_OBU V_IGNPOS OILFIRE OIL_OK STV_OPEN CSTV_CLO AD_IGNPOS AIRFL_OK IGN_OP BU_OP E_CLEAN QUIT OIL_RUN OPEN_STV IGN_ON OPEN_OV OIL_OPAT GCLEAN PROTEC_F DIAG 00 200 00 T1_VDZ T2_ZSI legend: input = 1 input not relevant output = 1 800 00 00 00 5000 5000 200 00 T1_VDZ T2_ZSI 800 00 00 00 1000 00 00
- 3-40 -
Description of the signal behavior: Case 1: 1) - interlock SW_INTL and ST_INTRL fulfilled - valves and air dampers in ignition position (V_IGNPOS=1 and AD_IGNPOS=1) - oil lance is run in, oil and air criteria (OIL_OK=1 and AIRFL_OK=1) are fulfilled - start of oil burner by edge at input STA_OBU 2) 3) 4) - the atomizer valve is open (STV_OPEN=1) and the timer for draining starts - on expiration of the timer the igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) and the steam blow-out signal is closed (CSTV_CLO=1) - valves are opened, the safety time T2_ZSI starts - within the safety time, all conditions for safe operation are fulfilled (PROTEC=1) and the flame is available (OILFIRE=1) - the conditions for safe operation fail within the safety time (PROTEC=0 ) - the safety time has run out and the conditions for safe operation are not yet fulfilled again - start-up of burner is interrupted - no failure is indicated. - fire in the boiler extinguishes (OILFIRE=0)
5)
6) 7)
Case 2: 1) - interlock SW_INTL and ST_INTRL fulfilled - valves and air dampers in ignition position (V_IGNPOS=1 and AD_IGNPOS=1) - oil lance is run in and air criteria (OIL_OK=1 and AIRFL_OK=1) fulfilled - start of oil burner by edge at input STA_OBU 2) 3) 4) - atomizer valve is open (STV_OPEN=1) and the timer for draining starts - on expiration of the timer the igniter is activated (IGN_ON=1) - the igniter is in operation (IGN_OP=1) and the steam blow-out signal is closed (CSTV_CLO=1) - valves are opened, the safety time is started - within he safety time, all conditions for safe operation are fulfilled (PROTEC=1) and the fame is available (OILFIRE=1) - the message OIL_OPAT appears on expiration of the safety time - interruption by 0-signal at PROTEC - the failure is indicated at output PROTEC_F - failure PROTEC_F is reset by QUIT.
5)
6) 7)
8)
During operation, the inputs PROTEC, AIRFL_OK, OIL_OK and OILFIRE are monitored. Therefore, the behavior of the block will be the same as described under point 7 for PROTEC if another input than those listed above fails. The burner is stopped and the failure report PROTEC_F is activated.
- 3-41 -
3.5.4
Block I/Os
Inputs F_OIL_BU Name SW_INTL Data type BOOL Description Switch on interlock A 1-signal is set if all conditions are fulfilled which are necessary for the safe switching on of the oil burner. A 0-signal is set: if a condition is not fulfilled, e. g.: igniter is not ready. The oil burner cannot be started in this case. This input has to be set to start the igniter with the start command STA_OBU. If the output OIL_RUN is already active, this input does not have to be checked. Start-up interlock A 1-signal is set if all conditions are fulfilled which are necessary to start-up the oil burner safely. A 0-signal is set if a condition is not fulfilled, e. g. run time for start-up of the burner has been exceeded. The input has to be set so that the burner can be started up with the start command STA_OBU. The 1-signal has to be set during the complete operation. This means that the safety conditions have to be fulfilled before the burner is in operation (OIL_OPAT=1). PROTEC BOOL Operation interlock A 1-signal is set if all conditions are fulfilled which are necessary for a safe operation of the oil burner. A 0-signal is set as soon as one of the conditions is not fulfilled. The operational safety conditions have to be fulfilled on startingup, before the safety time has passed, and have to persist during operation. If this is not the case, PROTEC_F will be set. The signal of the flame detector, the air and oil safety conditions do not have to be set at this input, they have to be connected with the inputs OILFIRE, AIRFL_OK and OIL_OK. The start value for PROTEC is "1", therefore it is possible to operate the block even if no additional safety conditions are needed. STA_OBU BOOL Start oil burner A positive edge starts the oil burner if the switching on conditions are fulfilled. For this the following inputs have to be set: SW_INTL, ST_INTRL, OIL_OK, AIRFL_OK and V_IGNPOS, AD_IGNPOS for single operation or BU_OP, OILFIRE for multi-burner operation Stop oil burner A positive edge finishes the operation of the oil burner. Valve in ignition position 1-signal: oil control valve is in start position (precondition for starting-up the oil burner) 0-signal: control valve is not in start position; i. e. oil burner cannot be started.
ST_INTRL
BOOL
STO_OBU V_IGNPOS
BOOL BOOL
- 3-42 -
Name OILFIRE
Data type BOOL
Description Fire in boiler Signal of the main flame detector 1-signal: flame is in vessel 0-signal: there is no flame The burner cannot be started if it is in single operation (BU_OP=0) and the main flame detector reports a flame (OILFIRE=1). This input is controlled while the burner is in operation, as soon as it is not set the burner is stopped. PROTEC_F becomes "1".
OIL_OK
BOOL
Oil criteria fulfilled 1-signal: oil criteria fulfilled 0-signal: oil criteria not fulfilled (e. g. Oil lance not run in) This input is controlled while the burner is in operation, as soon as it is not set the burner is stopped. PROTEC_F becomes "1".
STV_OPEN CSTV_CLO
BOOL BOOL
Atomizer valve open Valve for atomizing the oil fuel is open if a 1-signal is set. Cleaning valve closed 1-Signal: valve for cleaning fuel rests with hot steam is closed 0-Signal: valve is opened Air damper in ignition position Air damper is in ignition position if a 1-signal is set. Air criteria fulfilled At this input a "1" has to be set so that the oil burner can be operated. If a 0-signal is set, an air criterion is not fulfilled, e. g. the fail safe function block F_AIRD messages an error on opening the air damper (for this a negated signal has to be connected). This input is controlled during burner operation. As soon as it is not set, the burner is stopped. PROTEC_F is "1".
AD_IGNPOS AIRFL_OK
BOOL BOOL
IGN_OP
BOOL
Igniter in operation Message of the f-block F_IGNTR. If a 1-signal is set, the igniter is ready. Otherwise a 0-signal is set. Another burner in operation 1-signal: other burners also firing the vessel are in operation. 0-signal: no burner in operation Cleaning propram finished 1-signal: separate program for cleaning the vessel has finished successfully. Therefore the output GCLEAN issues a 1-signal and the timer T3_LSI is started. 0-signal: Cleaning had not been performed. Failure acknowledgement If an error occurs in standard operation, it has to be reset with QUIT before a restart is possible. The acknowledgement is only done by a positive edge at QUIT and has no effect on standard operation. Drainage Time period in which the cleaned parts of the oil burner and vessel can be drained. After that ignition can take place. (time between opening the atomizer valve and activation of the igniter) Reference value: 0min < T1_VDZ < 2min
BU_OP
BOOL
E_CLEAN
BOOL
QUIT
BOOL
T1_VDZ
TIME
- 3-43 -
Name T2_ZSI
Data type TIME
Description Safety time oil burner Within this time period the oil burner should have ignited successfully. Reference value: 0min < T2_ZSI < 1min Safety and filling up time oil burner Within this time period the oil burner should have ignited successfully. This time period contains the safety time and filling up time for the fuel (oil). After the cleaning (E_CLEAN=1) it substitutes the safety time. Reference value: 0min < T3_LSI < 2min Supervision time for flame detector If the burner is switched off and no other burners are in operation (BU_OP=0, GBU_OPAT=0 and GAS_RUN=0), but the flame detector messages a flame (GASFIRE=1), the timer MFSF (Main Flame Sensor Fault) is started. If it still messages a flame after the parametrized flame, the diagnosis bit 13 is set. The error in the flame detector is messaged.
T3_LSI
TIME
MFSF_Time
TIME
Outputs F_OIL_BU Name OIL_RUN Data type BOOL Description Cleaning program running 1-signal: oil starting program has started 0-signal: oil starting program has not started or conditions for the start are not fulfilled (Switch on pre interlock=0) Opening atomizer valve 1-signal: valve for oil atomizing is activated 0-signal: valve for oil atomizing will be or remains closed Activating igniter After the drainage time (T1_VDZ) has passed the igniter is activated, the output gives a 1-signal. Opening oil valve 1-signal: Valves are opened 0-signal: Valves will be or remain closed Oil burner in operation after safety margin 1-Signal: oil burner is in operation 0-Signal: oil burner is in start-up phase or is not in operation (message to other burner blocks in multi burner operation) Oil lance blown out 1-signal: oil lance has been cleaned 0-singal: oil lance has not been cleaned Failure This output is set if the oil burner is in operation (OIL_OPAT) and then the input PROTEC, AIRFL_OK, OIL_OK or OILFIRE gets a 0-signal (interruption). Diagnosis word (hexadecimal) On this output information about function status and errors is shown. (see table "Diagnosis F_OIL_BU" )
OPEN_STV
BOOL
IGN_ON
BOOL
OPEN_OV
BOOL
OIL_OPAT
BOOL
GCLEAN
BOOL
PROTEC_F
BOOL
DIAG
WORT
- 3-44 -
Diagnosis F_OIL_BU Bit Nr. 0 Description Starting command is activated (STA_OBU=1) while SW_INTL=0. Starting command (STA_OBU=1) is activated while ST_INTRL=0. Starting command is activated (STA_OBU=1) while STO_OBU=1. Starting command is activated (STA_OBU=1) while PROTEC_F=1. The start activity cannot be executed! Ignition valve not in ignition position (V_IGNPOS=0) Remark This message is reset: - if SW_INTL=1 - after a positive edge at QUIT This message is reset: - if ST_INTRL=1 - after a positive edge at QUIT This message is reset: - if STO_OBU=0 - after a positive edge at QUIT This message is reset : - after a positive edge at QUIT This message is reset: - if (OIL_RUN=1), V_IGNPOS=1 during the start activity - if V_IGNPOS is not required (multi burner operation: BU_OP=1 and OILFIRE=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if (OIL_RUN=1), AD_IGNPOS=1 during the starting process - if AD_IGNPOS is no more required (multi burner operation: BU_OP=1 and OILFIRE=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if BU_OP and OILFIRE are equal "1" during multi burner operation. - after a positive edge at QUIT - after a new starting command
Air damper not in ignition position (AD_IGNPOS=0)
Main flame detector does not message flames This message is set if - OILFIRE=0 after the end of the safety time period - OILFIRE=0 and BU_OP=1 (multi burner operation) - if the burner is in operation, it is stopped and the message PROTEC_F appears Air criteria are not fulfilled (AIRFL_OK=0) - The start activity cannot be continued - If the burner is in operation, it is stopped and PROTEC_F is messaged Oil conditions are not fulfilled (OIL_OK=0) - The start activity cannot be continued - If the burner is in operation, it is stopped and PROTEC_F is messaged Feedback of atomizing valve is faulty (the Command OPEN_STV=1 but the feedback STV_OPEN=0)
This message is reset : - if (OIL_RUN=1), AIRFL_OK=1 during the start activity - after a positive edge at QUIT - after a new starting command This message is reset: - if (OIL_RUN=1), OIL_OK=1 during the start activity. - after a positive edge at QUIT - after a new starting command This message is reset: - if STV_OPEN=1 while OPEN_STV is set - after a positive edge at QUIT - after a new starting command
- 3-45 -
Bit Nr. 10
Description Blow out valve during ignition opened (CSTV_CLO=0)
Remark This message is reset: - if IGN_ON=1, IGN_OP=1 and CSTV_CLO=1 at the same time - after a positive edge at QUIT - after a new starting command This message is reset,: - if during active IGN_ON, IGN_OP=1. - after a positive edge at QUIT - after a new start command This message is reset: - after a positive edge at QUIT - after a new starting command This message is reset after a positive edge at QUIT
11
12
13
14
15
Igniter not in operation in spite of activation (IGN_OP=0 while IGN_ON=1) The oil burner cannot start because the pilot burner is not yet ignited. PROTEC signal is not set (PROTEC=0) - after the safety time has expired - during burner operation Main flame detector faulty (OILFIRE=1 and BU_OP=0) There is no main flame detector signal although no burner is in operation Supervision time for oil burner ignition is exceeded. OIL_OPAT after end of the safety time equal "0". Reserve
This message is reset: - after a positive edge at QUIT - after a new starting command
- 3-46 -
3.5.5
Parameters
All inputs of data type BOOL other than PROTEC are preset by a 0-signal. (input PROTEC is preset with a 1-signal) All inputs of data type TIME are preset by T#0ms
Safety note Please note that the parameterized safety times must comply with the corresponding standards.
Allowed safety times Oil flow in Safety time in seconds kg/h (maximal) at startup in operation Up to 30 over 30 10 5 10 1
Table: Safety times according to TRD 411
- 3-47 -
3.6 Failsafe function block gas burner (F_GAS_BU)

3.6.1 Introduction
The failsafe function block F_GAS_BU is used for the control of gas burners in the burner technology. The following functions are carried out by this block. Activation of the fuel valves Triggering of the igniter function block to start ignition. Supervision of the F-block for safe operation at the inputs of the switch-on, start-up and operation pre-interlock. An optimal safe operation of this block is thus guaranteed in every state of the process.
Note When this block is used, the blocks F_TON (FB 185) and F_BO_W (FC176) have to be present in the block folder.
- 3-48 -
3.6.2
Mode of operation
The operation of the failsafe block F-Block F_GAS_BU starts with a positive edge at the input STA_GBU. For this, the conditions of the switch-on interlock (SW_INTL=1) and the start-up interlock (ST_INTL=1) have to be fulfilled. In the single operation mode, the burner cannot start up if the main flame detector indicates that a flame is available (GASFIRE=1). In multi-operation mode (BU_OP=1) the gas start-up program starts even if a flame is available in the boiler. This is indicated by a "1"signal at the output GAS_RUN. In single operation mode of the burner, the fuel valves and the air dampers must be in the ignition position (V_IGNPOS and AD_IGNPOS=1). Subsequently, the igniter is activated by output IGN_ON. If a 1-signal is set at the inputs GASFIRE (flame in the boiler) and BU_OP (other gas burners in operation) no positive signals at V_IGNPOS and AD_IGNPOS are necessary for the igniter to start up. In both cases, the air and gas criteria (e.g. gas pressure valid) have to be fulfilled (AIRFL_OK=1 and GAS_OK= 1) in order to be able to activate the igniter function block. When the igniter indicates that it is ready for operation (Input IGN_OP=1), the fuel valves are opened and the safety timer is started (TIME_GBU). If a flame is available during the safety time (PROTEC=1), a positive signal is set at output GBU_OPAT (gas burner in operation after safety time). The operation of the burner can be interrupted at any time by a positive edge at the input STO_GBU. During operation, all the operation interlocks, the air and gas criteria have to be fulfilled and the flame must be available (i.e. a "1"signal must be set at the inputs PROTEC, AIRFL_OK, GAS_OK and GASFIRE) The operation is interrupted by a 0-signal at the inputs of the operation interlock (PROTEC), the oil criteria (GAS_OK), the air criteria (AIRFL_OK) or the input of the main flame (GASFIRE). In this case, the output PROTEC_F is set. It must be reset before the next startup by a positive edge at the input QUIT. The block F_GAS_BU is therefore used for monitoring the signal from the main flame sensor. If the burner is switched off, the signal "GASFIRE" (signal from the main flame sensor) must be reset within the parameterized time "MFSF_Time" ("Main Flame Sensor Failure Time") Otherwise, the diagnosis bit 13 will be set.
- 3-49 -
3.6.3
Time diagram
Optimal signal behavior The picture below shows the optimal signal behavior of the failsafe function block F_GAS_BU.
Case 1:
1) 2) 3) 4) 5)
Case 2:
1) 2) 3) 4) 5)
SW_INTL ST_INTL PROTEC STA_GBU STO_GBU V_IGNPOS GASFIRE GAS_OK AD_IGNPOS AIRFL_OK IGN_OP BU_OP QUIT GAS_RUN IGN_ON OPEN_V GBU_OPAT PROTEC_F DIAG 00 800 00 00 00 00 00 00 800 00 00 00 00 00
Switch on interlock Start up interlock Operation interlock Start gas burner Stop gas burner Valve in ignition position Fire in boiler Gas criteria fulfilled Air damper in ignition position Air criteria fulfilled Igniter in operation Another burner in operation Failure acknowldegement Gas start program running Activating igniter Openg gas valve Gas burner in operation after safety margin Failure Diagnosis word (hexadecimal)
TIME_GBU legend input = 1 input not relevant output = 1
TIME_GBU
Description of the optimal signal behavior: Case 1: Single operation mode 1) - switch-on interlock and start-up interlock (SW_INTL=1 and ST_INTL=1) fulfilled - valves and air dampers in ignition position (AD_IGNPOS=1) - gas and air criteria are fulfilled (GAS_OK=1 and AIRFL_OK=1) - start of gas operation by edge at input STA_GBU - message at output GAS_RUN that gas burner is in operation - the igniter is activated (output IGN_ON=1) - igniter is in operation (IGN_OP=1) - gas valves are opened (OPEN_V=1) - timer TIME_GBU starts - within the safety time all conditions for safe operation are fulfilled (PROTEC=1) - ST_INTL and PROTEC are set within the safety time - on expiration of the safety time the message is indicated at output GBU_OPAT - interruption by stop signal at input STO_GBU
2)
3) 4)
5)
- 3-50 -
Case 2: Multi-operation mode Several burners are operated in one combustor. The first burner is controlled as it is in single mode, for the second and all the rest, a flame is already available in the boiler (GASFIRE=1). Therefore, for these burners, the inputs V_IGNPOS and AD_IGNPOS have not to be set. The signal behavior is described from point 6 to 10: 1) - switch-on interlock and start-up interlock (SW_INTL=1 and ST_INTL=1) fulfilled - at least one burner in operation (BU_OP=1) - flame is available in the boiler (GASFIRE=1) - gas- and air criteria are fulfilled (GAS_OK=1 and AIRFL_OK=1) - start of gas burner by edge at input STA_GBU - message at output GAS_RUN that the gas burner is in operation - igniter is activated (output IGN_ON=1) - igniter is in operation (IGN_OP=1) - gas valves are opened (OPEN_V=1) - timer TIME_GBU starts - within the safety time, all conditions for safe operation are fulfilled (PROTEC=1) - ST_INTL and PROTEC are set within the safety time - at the end of the safety time a report is given at output GBU_OPAT - stop with stop signal at input STO_GBU
2)
3) 4)
5)
- 3-51 -
Signal behavior in case of failure The following picture shows the signal behavior of the failsafe function block F_GAS_BU for possible cases of failure.
Case 1:
1) 2) 3)
Case 2:
1) 2) 3) 4) 5) 6)
SW_INTL ST_INTL PROTEC STA_GBU STO_GBU V_IGNPOS GASFIRE GAS_OK AD_IGNPOS AIRFL_OK IGN_OP BU_OP QUIT GAS_RUN IGN_ON OPEN_V GBU_OPAT PROTEC_F DIAG 00 800 00 00 5000 5000 800 00 00 00 1000 00
Switch on interlock Start up interlock Operation interlock Start gas burner Stop gas burner Valve in ignition position Fire in boiler Gas criteria fulfilled Air damper in ignition position Air criteria fulfilled Igniter in operation Another burner in operation Failure acknowldegement Gas start program running Activating igniter Openg gas valve Gas burner in operation after safety margin Failure Diagnosis word (hexadecimal)
TIME_GBU legend: input = 1 input not relevant output = 1
TIME_GBU
Description of signal behavior: Case 1: 1) - start of gas operation by positive edge at input STA_GBU - gas igniter in operation (GAS_RUN=1) - igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) - gas valves are opened (OPEN_V=1) - timer TIME_GBU starts - conditions for the safe operation within the safety time not fulfilled (PROTEC=0). - igniter start is interrupted (GBU_OPAT remains "0"). Valves are closed (OPEN_V=0)
2)
3)
- 3-52 -
Case 2: 1) - start gas operation by positive edge at input STA_GBU - gas igniter in operation (GAS_RUN=1) - igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) - gas valves are opened (OPEN_V=1) - timer TIME_GBU starts - within the safety time all conditions for the safe operation are fulfilled (PROTEC=1) at the end of the safety time the report is given at output GBU_OPAT operation is interrupted by 0-signal at PROTEC - the error is shown at the output PROTEC_F - error PROTEC_F is reset by QUIT.
2)
3) 4) 5)
6)
During the operation, the inputs PROTEC, AIRFL_OK, GAS_OK and GASFIRE are monitored. Therefore, the behavior of the block will be the same as described under point 5 for PROTEC if another input than those listed above fails. The igniter is stopped and the failure report PROTEC_F is activated.
- 3-53 -
3.6.4
Block I/Os
Inputs F_GAS_BU Name SW_INTL Data type BOOL Description Switch on interlock 1-signal is set if all conditions are fulfilled which are necessary for switching on the gas igniter safely. 0-signal is set if a condition is not fulfilled, e. g.: Igniter is not ready. The gas igniter cannot be started in this case. This input has to be set to start the igniter with the starting command STAU_GBU. If the output GAS_RUN is already active, this input will not be checked. Start up interlock 1-Signal is set if all conditions are fulfilled which are necessary for switching on the gas igniter safely. 0-signal is set if a condition is not fulfilled, e. g. Run time for starting up the igniters is exceeded. This input has to be set to start-up the igniter with the starting command STA_GBU. The 1-signal has to remain during the complete operation. This means, the safety conditions have to be fulfilled until the igniter is in operation (GBU_OPAT=1). PROTEC BOOL Operation interlock 1-Signal is set if all conditions are fulfilled which are necessary for switching on the gas igniter safely. 0-signal is set if a condition is not fulfilled. The operation safety conditions have to be fulfilled when starting-up, before safety time has passed and they have to remain the complete operation period. If this is not the case, PROTEC_F is set. The signal of the flame detector, the air and the gas safety conditions do not have to be set at this input, they have to be connected with the inputs GASFIRE, AIRFL_OK and GAS_OK. The start value for PROTEC is "1"; thereby it is possible to operate the block even if no additional safety conditions are recommended. STA_GBU BOOL Start gas burner A positive edge starts the gas burner if the switching on conditions are fulfilled. For this the following inputs have to be set: SW_INTL, ST_INTRL, GAS_OK, AIRFL_OK and V_IGNPOS, AD_IGNPOS for single operation or BU_OP, GASFIRE for multi burner operation Stop gas burner A positive edge finishes the operation of the gas burner
ST_INTL
BOOL
STO_GBU
BOOL
- 3-54 -
Name GAS_OK
Data type BOOL
Description Gas criteria fulfilled 1-signal: gas criteria fulfilled 0-signal: gas criteria not fulfilled (e. g. gas pressure too low or too high) This input is monitored while the burner is in operation, as soon as it is not set the burner is stopped. PROTEC_F becomes "1".
GASFIRE
BOOL
Fire in boiler Signal of the main flame detector 1-Signal: flame is in the vessel 0-Signal: there is no flame The burner cannot be started if it is in single operation (BU_OP=0) and the main flame detector messages a flame (GASFIRE=1). This input is monitored while the burner is in operation, as soon as it is not set the burner is stopped. PROTEC_F becomes "1".
V_IGNPOS
BOOL
Valve in ignition position 1-signal: gas regulation valve is in start position (precondition for starting up the gas burner) 0-signal: gas regulation valve is not in start position; i. e. gas burner cannot be started. Air criteria fulfilled At this input a "1" has to be set so that the gas burner can be taken into operation. If a 0-signal is set an air criterion is not fulfilled; e. g. the fail safe function block F_AIRD messages an error on opening the air damper (for this a negated signal has to be connected). This input is monitored while the burner is in operation, as soon as it is not set the burner is stopped. PROTEC_F becomes "1".
AIRFL_OK
BOOL
AD_IGNPOS IGN_OP
BOOL BOOL
Air damper in ignition position The air damper is in igniter position, if a 1-signal is set Igniter in operation Message of the F-Block F_IGNTR. If a 1-signal is set, the igniter is ready. Otherwise a 0-signal is set. Another burner in operation 1-signal: other burners, which are firing the vessel too, are in operation. 0-signal: no burner in operation Failure acknowledgement If an error has occurred in standard operation, it has to be reset with QUIT before a restart is possible. Acknowledgement can only be done by a positive edge at QUIT and has no effect on standard operation.
BU_OP
BOOL
QUIT
BOOL
TIME_GBU
TIME
Safety time gas igniter Within this time the gas burner has to be ignited successfully. Standard value : 0min < TIME_GBU < 1min
- 3-55 -
Name MFSF_Time
Data type TIME
Description Supervision time for the flame detector If the burner is switched off and no other burners are in operation (BU_OP=0, GBU_OPAT=0 and GAS_RUN=0), but the flame detector messages a flame (GASFIRE=1), the timer MFSF (Main Flame Sensor Fault) is started. If it messages a flame after the parameterized time, the diagnosis bit 13 is set. The error is messaged in the flame detector.
Outputs F_GAS_BU Name GAS_RUN Data type BOOL Description Gas start program running 1-signal: gas starting program has started 0-signal: gas starting program has not started or conditions for the start are not fulfilled (switch on pre interlock = 0) Activating igniter 1-signal: igniter is activated 0-signal: igniter is not activated Opening gas valves 1-signal: valves are opened 0-signal: valves are or remain closed Gas burner in operation after safety margin 1-signal: gas burner is in operation 0-signal: gas burner is in the start-up phase or not in operation (message to other burner blocks at multi burner operation) Failure This output is set if the gas burner is in operation (GBU_OPAT) and then the input PROTEC, AIRFL_OK, GAS_OK or GASFIRE has a 0-signal (Interruption). Diagnosis word (hexadecimal) Information on function status and errors is shown on this output. (see table"Diagnosis F_GAS_BU" )
IGN_ON
BOOL
OPEN_V
BOOL
GBU_OPAT
BOOL
PROTEC_F
BOOL
DIAG
WORT
Diagnosis F_GAS_BU Bit Nr. 0 Description Starting command is activated (STA_GBU=1) while SW_INTL = 0. While the gas starting program is running, ST_INTRL becomes 0 While the gas starting program is running, STO_GBU becomes 1 Starting command is activated (STA_GBU=1) while PROTEC_F=1. Remark This message is reset: - if SW_INTL=1 is - after a positive edge at QUIT This message is reset: - if ST_INTRL=1 - after a positive edge at QUIT This message is reset: - if STO_GBU=0 is - after a positive edge at QUIT This message is reset: - if PROTEC_F=0 - after a positive edge at QUIT
- 3-56 -
Bit Nr. 4
Description Ignition valve not in ignition position (V_IGNPOS=0)
Remark This message is reset: - if V_IGNPOS=1 during the start activity (GAS_RUN=1) - if V_IGNPOS is not needed (multi burner operation: BU_OP=1 and GASFIRE=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if AD_IGNPOS=1 during the start activity (GAS_RUN=1) - if AD_IGNPOS is not needed any longer (multi burner operation: BU_OP=1 and GASFIRE=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if BU_OP and GASFIRE are equal one during multi burner operation. - after a positive edge at QUIT - after a new starting command
Air damper not in ignition position (AD_IGNPOS=0)
Main flame detector does not message any flames This message is set if - GASFIRE=0 after the safety time has passed - GASFIRE=0 and BU_OP=1 (multi burner operation) - If the burner is in operation, it is stopped and PROTEC_F is messaged Air criteria are not fulfilled (AIRFL_OK=0) - If the burner is in operation, it is stopped and PROTEC_F is messaged.
Gas conditions are not fulfilled (GAS_OK=0) - If the burner is in operation, it is stopped and PROTEC_F is messaged. Reserve Reserve Igniter not in operation despite activation (IGN_OP=0 during IGN_ON=1) The gas burner cannot start because the pilot burner is not yet ignited. PROTEC signal is not set (PROTEC=0) - after end of the safety time period - while the burner is in operation Main flame detector faulty (GASFIRE=1 and BU_OP=0) There is a main flame detector signal although no burner is in operation Supervision time for gas burner ignition has exceeded. GBU_OPAT after end of the safety time equal "0". Reserve
This message is reset: - if AIRFL_OK=1 during start activity (GAS_RUN=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if GAS_OK =1 during starting process (GAS_RUN=1) - after a positive edge at QUIT - after a new starting command
9 10 11
This message is reset: - if IGN_ON is active while IGN_OP is one - after a positive edge at QUIT - after a new starting command This message is reset : - after a positive edge at QUIT - after a new starting command This message is reset after a positive edge at QUIT
12
13
14
This message is reset : - after a positive edge at QUIT - after a new starting command
15
- 3-57 -
3.6.5
Parameters
All inputs of data type BOOL except PROTEC are preset by a 0-signal. (Input PROTEC is preset by a 1-signal) All inputs of data type TIME are preset by T#0ms
Safety note Please note that the parameterized safety times comply with the corresponding standards.
Allowable safety time for blowpipes Burner type maximal heating power of firing maximal (kW) in sec at startup Main burner <= 10 > 10 > 50 > 120 <= 50 <= 120 10 5 3 2
3)
safety
time
in Operation 1 1 1 1
Table: Safety time according to TRD 412
- 3-58 -
3.7 Failsafe function block oil start program (F_OIL_ST)

3.7.1 Introduction
The failsafe function block F_OIL_ST supervises the cleaning program for the oil burner, it controls the igniter and the steam blow-out valve and delivers the signals "cleaning program running", "command oil burner off" and "cleaning program ended". This block can be used for cleaning the oil burner before the start-up or for stopping and cleaning the oil burner after operation.
Note When this block is used, the blocks F_TON (FB 185) and F_BO_W (FC176) have to be present in the the block folder.
- 3-59 -
3.7.2
Mode of operation
In order to be able to start the cleaning program for the oil burner the operation interlock (PROTEC=1) for this function block must be fulfilled and no other program must be running (PRG_RUN=0). The program is started by OILP_ON and the output "cleaning program is running" (STPR_ON). Once the program is running (in single operation mode) the oil valve must be driven to ignition position (SW_COND=1) and the oil lance must have been or be run in (OL_ON=1). When the switching conditions are fulfilled and the oil lance is in position, the igniter will be activated by command IGN_ON. When the igniter is in operation (IGN_OP=1), the oil burner will be turned off by the command OILBU_OF. When the oil valves are closed (OV_CLOS=1), the atomizer valve is open (AV_OPEN=1), the atomizer pressure is higher than the minimum possible pressure (AP_MIN=1) and the air damper is in ignition position (AD_IGPOS=1), the steam blow-out valve will be opened (BV_OFF=1). The timer for the steam blow-out time BL_TIME is started by the feedback from the steam blow-out valve (BV_OPEN=1). At the end of the steam blow-out time the signal cleaning program is over (END) will be delivered. A timer monitors the whole cleaning program. If the parameterized time T_DISRUP is exceeded, the program will be interrupted and a failure output will be set.
- 3-60 -
3.7.3
Time diagram
Optimal signal behavior The picture bellow shows the optimal signal behavior of the failsafe function block F_OIL_ST.
1) 2)
3)
4)
5)
6)
7)
OILP_ON PRG_RUN PROTEC SW_COND OL_ON IGN_OP OV_CLOS AV_OPEN AP_MIN AD_IGPOS BV_OPEN OILP_RS QUIT OILP_OFF STPR_ON IGN_ON OILBU_OF BV_OFF END DISRUP DIAG 00 800 400 200 00 BL_TIME Legende: input = 1 input not relevant output = 1 00 00
Start cleaning program Other programs running Operation interlock Switch condition Oil lance run in Igniter in operation Oil valve closed Atomizer valve open Atomizer pressure higher than minimum Air damper in ignition position Steam blow-out valve opened Reset cleaning program Failure acknowledgement Switch off cleaning program Cleaning program running Activating igniter Stoping oil burner Opening steam blow-out valve Cleaning program finished Failure Diagnosis word (hexadecimal)
Description of the optimal signal behavior: 1) Operation interlock condition for the oil start program is fulfilled (PROTEC=1) - Switching conditions are fulfilled (SW_COND=1), oil lance is positioned (OL_ON=1) - no other programs are running (PRG_RUN=0) - cleaning program on (positive edge at OILP_ON=1) - cleaning program is running (output STPR_ON=1) - igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) - command oil burner off (OILBU_OFF=1) - oil valves are closed (OV_CLOS=1)
- 3-61 -
2)
3)
4)
- atomizer valve is open (AV_OPEN=1) - atomizer pressure > MIN (AP_MIN=1) - air damper in ignition position (AD_IGPOS=1) - steam blow-out valve is driven (BV_OFF=1) 5) - steam blow-out valve is open (BV_OPEN=1) - steam blow-out timer starts (BL_TIME) after the steam blow-out time the cleaning program ends (END=1) reset of END by positive edge at OLPR_RS (Cleaning program starts again if OILP_ON is set and all conditions remain)
6) 7)
Signal behavior in case of failure The picture bellow shows the signal behavior of the failsafe function block F_OIL_ST for possible failures.
1) 2) 3) 4) 5) 6) 7)
OILP_ON PRG_RUN PROTEC SW_COND OL_ON IGN_OP OV_CLOS AV_OPEN AP_MIN AD_IGPOS BV_OPEN OILP_RS QUIT OILP_OFF STPR_ON IGN_ON OILBU_OF BV_OFF END DISRUP DIAG
00 1400 800 400 200 00 3000 2000 2000 00 BL_TIME
Start cleaning program Other programs running Operation interlock Switch condition Oil lance run in Igniter in operation Oil valve closed Atomizer valve open Atomizer pressure higher than minimum Air damper in ignition position Steam blow-out valve opened Reset cleaning program Failure acknowledgement Switch off cleaning program Cleaning program running Activating igniter Stoping oil burner Opening steam blow-out valve Cleaning program finished Failure Diagnosis word (hexadecimal)
legend:
- 3-62 -
Description of the signal behavior in case of failure: 1) - operation interlock condition for oil start program is fulfilled (PROTEC=1) - switching conditions are fulfilled (SW_COND=1), oil lance is positioned (OL_ON=1) - no other programs are running (PRG_RUN=0) - cleaning program on (positive edge at OILP_ON=1) - cleaning program is running (output STPR_ON=1) - igniter is activated (IGN_ON=1) - igniter is in operation (IGN_OP=1) - command oil burner off (OILBU_OF=1) oil valve closed (OV_CLOS=1) - atomizer valve open is fulfilled (AV_OPEN=1) - atomizer pressure > MIN fulfilled (AP_MIN=1) - air damper in ignition position fulfilled (AD_IGPOS=1) - steam blow-out valve is driven (output BV_OFF=1) - steam blow-out valve open (BV_OPEN=1) - steam blow-out timer starts (BL_TIME) - During the steam blow-out time, the operation interlock condition for the cleaning program are no longer fulfilled (PROTEC=0) - resetting the outputs: cleaning program is running (STPR_ON=0), igniter on (IGN_ON=0), oil burner off (OILBU_OF=0) and steam blow-out valve on (BV_OFF=0). - DIAG=3000 (bit 13=1 and bit 12= 1) (see diagnosis F_OIL_ST) - Quitting - Diagnostic bit 12 is reset - Diagnostic bit 13 remains
2)
3)
4)
5)
6)
DIAG=2000 (see diagnosis F_OIL_ST)
7)
- program cannot be started again because DIAG=2000 - by the command cleaning program reset (positive edge at OLPR_RS) the diagnostic bit 13 is reset. - the cleaning program can be started again
- 3-63 -
3.7.4
Block I/Os
Inputs F_OIL_ST Name OILP_ON Data type BOOL Description Start cleaning program A positive edge starts the block if the switching on conditions are fulfilled. For this the following inputs have to show the following state: PRG_RUN=0, PROTEC=1, OL_ON=1, SW_COND=1 The output also has to be END=0 Other programs running 1-signal: other programs are running, starting the program is not possible. 0-signal: other programs are not running, starting the program is possible. Operation interlock 1-signal: necessary conditions for operating the cleaning program are fulfilled. 0-signal: a necessary condition is not fulfilled, (program cannot be started) If the operation pre interlock fails during the steam blow-out time, the program will be interrupted. It has to be reset before a restart. Switch condition 1-signal: necessary conditions for operating the cleaning program are fulfilled. 0-signal: a necessary condition is not fulfilled, (program cannot be started) If a switching continue condition fails during the steam blowout time, the program will be interrupted. It has to be reset before a restart. Oil lance run in 1-signal: oil lance is run in 0-signal: oil lance is not run in Oil lance has to be run in; otherwise the igniter cannot be activated. If the signal fails during the steam blow-out time, the program will be interrupted. It has to be reset before a restart. Igniter in operation 1-signal: igniter is in operation 0-signal: igniter is not in operation If the signal fails during the steam blow-out time, the program will be interrupted. It has to be reset before a restart. Oil valve closed 1-signal: oil valves are closed 0-signal: oil valves are not closed If the signal fails during the steam blow-out time, the program will be interrupted. It has to be reset before a restart. Atomizer valve opened 1-signal: atomizer valve is opened 0-signal: atomizer valve is not opened If the signal fails during the steam blow-out time, the program will be interrupted. It has to be reset before a restart.
PRG_RUN
BOOL
PROTEC
BOOL
SW_COND
BOOL
OL_ON
BOOL
IGN_OP
BOOL
OV_CLOS
BOOL
AV_OPEN
BOOL
- 3-64 -
Name AP_MIN
Data type BOOL
Description Atomizer pressure higher than minimum 1-signal: atomizer pressure is greater than the minimum pressure 0-signal: atomizer pressure less than the minimum pressure Turns the signal during the steam blow-out time out, the program will be interrupted. It has to be reset before a new start. Air damper in ignition position 1-signal: air damper is in Igniter position 0-signal: air damper is not in ignition position Turns the signal during the steam blow-out time out, the program will be interrupted. It has to be reset before a new start. Steam blow-out valve is opened 1-signal: steam blow-out valve is opened 0-signal: steam blow-out valve is closed The steam blow-out time detector can only be started if a 1signal is set at this input. If the signal fails during the steam blow-out time, the timer will be interrupted. If all other necessary conditions still exist, the timer starts again as soon as a 1-signal is set at BV_OPEN. Reset cleaning program 1-signal: resets END (oil out blowing program finished) Failure acknowledgement If there is an error, the 1-signal at output DISRUP is reset with a positive edge in QUIT. The acknowledging can only be done by a positive edge on QUIT and has no effect in standard operation. Swich off cleaning program For completing the oil starting program a 1-signal is necessary. Run time for oil starting program Maximum run time allowed for the oil starting program. After T_DISRUP the program is interrupted and DISRUP is messaged. The timer starts if the output STPR_ON is set. Standard value : 0min < T_DISRUP < 60min Steam blow-out time The time defines how long the steam blow-out valve should be opened. Standard value: 0min < BL_TIME < 40min
AD_IGPOS
BOOL
BV_OPEN
BOOL
OILP_RS QUIT
BOOL BOOL
OILP_OFF
BOOL
T_DISRUP
TIME
BL_TIME
TIME
- 3-65 -
Outputs F_OIL_ST Name STPR_ON Data type BOOL Description Cleaning program running 1-signal: program is running 0-signal: program is not running Activating igniter 1-signal: activation igniter 0-signal: no activation igniter Stoping oil burner 1-signal: switching off of the oil burner 0-signal: no switching off of the oil burner Opening steam blow-out valve 1-signal: open the steam blow-out valve 0-signal: do not open the steam blow-out valve Failure The parameterized maximum run time for the program is exceeded. Cleaning program finished 1-signal: oil out blowing program is finished 0-signal: oil out blowing program is not finished Diagnosis word (hexadecimal) At this output information is shown about function status and errors. (see table diagnosis F_OIL_ST)
IGN_ON
BOOL
OILBU_OF
BOOL
BV_OFF
BOOL
DISRUP
BOOL
END
BOOL
DIAG
WORT
Diagnosis F_OIL_ST Bit Nr. 0 Description Starting command is activated (OILP_ON=1) while PRG_RUN=1. Reserve Starting command is activated (OILP_ON=1) while OILP_OFF=1. Starting command is activated (OILP_ON=1) while DISRUP=1 Switching continue conditions are not fulfilled (SW_COND=0) This message is reset: - if OILP_OFF=0 - after a positive edge on QUIT This message is reset: - after a positive edge on QUIT This message is reset: - if SW_COND=1 during the start activity (STPR_ON=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if AD_IGNPOS=1 during the start activity (STPR_ON=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if AV_OPEN=1 during the start activity (STPR_ON=1) - after a positive edge at QUIT - after a new starting command Remark This message is reset: - if PRG_RUN=0 - after a positive edge at QUIT
1 2
3 4
Air damper is not in ignition position (AD_IGNPOS=0)
Atomizer valve is closed (AV_OPEN=0)
- 3-66 -
Bit Nr. 7
Description Air pressure less than minimum pressure (AP_MIN=0)
Remark This message is reset: - if AP_MIN=1 during the starting activity (STPR_ON=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if OIL_ON=1 during the starting process (STPR_ON=1) - after a positive edge at QUIT - after a new starting command This message is reset: - if BV_OFF=1 and BV_OPEN=1 at the same time. - after a positive edge at QUIT - after a new starting command This message is reset : - if OILBU_OF=1 and OV_CLOS=1 at the same time - after a positive edge at QUIT - after a new starting command This message is reset: - if IGN_ON=1 and IGN_OP=1 at the same time. - after a positive edge at QUIT - after a new starting command This message is reset: - after a positive edge at QUIT - after a new starting command
Oil lance is not run in (OL_ON=0)
Message steam blow-out valve is closed (BV_OPEN=0) although there is a command for opening (BV_OFF=1)
10
Oil valves opened (OV_CLOS=0)
11
There is no ignition flame (IGN_OP=0) although the igniter is activated (IGN_ON=1)
12
13
14 15
Operation pre interlock is not fulfilled. (PROTEC=0). This message is also set if: - a starting command is set - if STPR_ON=1 during the current oil starting program An error occurred during the oil starting programs. The oil starting program cannot be restarted. Supervision time of oil starting programs is exceeded Reserve
This message is reset: - after a positive edge at OLPR_RS
This message is reset: - after a positive edge on QUIT
- 3-67 -
3.7.5
Parameters
All inputs of the data type BOOL are preset by a 0-signal. All inputs of the data type TIME are preset by T#0ms
Safety note Please note that the parameterized safety times comply with the corresponding standards.
- 3-68 -
3.8 Failsafe function block position check (F_POS_CH)

3.8.1 Introduction
The failsafe function block F_POS_CH monitors the position of the actuators for air and fuel supply.
Note When this block is used, the block F_TON (FB 185) has to be present in the block folder.
- 3-69 -
3.8.2
Mode of operation
The reference positions for the actuators 1 and actuator 2 (inputs REF_POS1 and REF_POS2) are checked for validity before they are given out to the actuators at the outputs POS1_OUT and POS2_OUT. The reference values must be between 0 (closed) and 100 (open). It is therefore possible to parameterize a maximum difference between the reference positions at input MAXDIF to avoid for example, that the reference position for the fuel actuators is 100 (open) and that for the air actuator is 0 (closed). Actuator 1 is supposed to be the one for the fuel supply and actuator 2 the one for the air supply. The calculation of the difference is as follows: REF_POS1 REF_POS2 > MAXDIF. FAIL_REF is signaled if MAXDIF is exceeded. In case the reference positions are not valid, the parameterized safety positions SAF_POS1 and SAF_POS2 are given out at the outputs POS1_OUT and POS2_OUT. A reference failure will be signaled at output FAIL_REF. The measured positions (feedback signalsPOS1_M and POS2_M from the actuators) are compared with the positions given to the actuators (POS1_OUT and POS2_OUT). If one of the measured positions is not within the specified range (POS1_OUT TOL_1 and POS2_OUT TOL_2) the corresponding output NO_POS1 or. NO_POS2 will be set. If a reference position (REF_POS1 or REF_POS2) changes a timer will start to control the time it takes the actuator to reach an allowed position. If one of the measured positions POS1_M or POS2_M is not within the specified range at the end of the parameterized time (T1_RCH or T2_RCH) the corresponding output FAIL_1 or. FAIL_2 will be set to show the failure. In this case, the parameterized safety positions SAF_POS1 or SAF_POS2 will therefore be given to the outputs POS1_OUT or POS2_OUT. If during the time T1_RCH or T2_RCH the reference positions are changed again, the timers will be restarted. In case the measured position (POS1_M or POS2_M) of an actuator changes without a previous change in reference and if the new position is out of the specified range, this will be shown at the corresponding output NO_POS1 or NO_POS2 T. Timer T1_NPO or T2_NPO will start. If the time is over before the actuator has reached an allowed position, the failure signal FAIL_1 or FAIL_2 will be set and the parameterized safety positions SAF_POS1 or SAF_POS2 will be delivered to the outputs POS1_OUT or POS2_OUT.
- 3-70 -
3.8.3
Time diagram
Optimal signal behavior The picture bellow shows the optimal signal behavior of the failsafe function block F_POS_C.
1) 2)
REF_POS1 REF_POS2 MAXDIF TOL_1 TOL_2 SAF_POS1 SAF_POS2 POS1_M POS2_M QUIT FAIL_REF FAIL_1 FAIL_2 QUIT_ON NO_POS1 NO_POS2 POS1_OUT POS2_OUT
75 50 65 40
50 40 20 5 5 0 100
Reference position for actuator 1 Reference position for actuator 2 Maximal difference REF_POS1-REF_POS2 Tolerance actuator 1 Tolerance actuator 2 Safety position actuator 1 Safety position actuator 2 Measured position actuator 1 Measured position actuator 2 Failure acknowledgement Reference failure Position failure actuator 1 Position failure actuator 2 Quit is active Actuator 1 not in position Actuator 2 not in position
74 xx 70 xx
53 39
75 50 65 40 <T1_RCH <T2_RCH
input = 1
50 40
Delivered position to actuator 1 Delivered position to actuator 2
legend:
input not relevant output = 1
65 65 xx
measured analog value at input delivered analog value to output values are changing
Description of the optimal signal behavior: 1) - The reference positions are changed from 75/ 65 to 50/40 t - The new reference positions are valid and are delivered to the outputs POS1_OUT and POS2_OUT for the actuators - Timer T1_RCH and T2_RCH are started - The actuators have not yet reached the new position (POS1_M and POS2_M change and are beyond the tolerance range) - NO_POS1 and NO_POS2 will be set therefore - The actuators have reached valid positions within T1_RCH and T2_RCf. - NO_POS1 and NO_POS2 are reset
2)
- 3-71 -
Signal behavior in case of failure The picture below shows the signal behavior of the failsafe function block F_POS_CH for possible failures.
1)
2)
3)
4)
5)
6)
REF_POS1 REF_POS2 MAXDIF TOL_1 TOL_2 SAF_POS1 SAF_POS2 POS1_M POS2_M QUIT FAIL_REF FAIL_1 FAIL_2 QUIT_ON NO_POS1 NO_POS2 POS1_OUT POS2_OUT
75 50 65 40 20 5 5 0 100 xx xx 59 47 53 xx 39 xx
75 40
Reference position for actuator 1 Reference position for actuator 2 Maximal difference REF_POS1-REF_POS2 Tolerance actuator 1 Tolerance actuator 2 Safety position actuator 1 Safety position actuator 2 6 94 Measured position actuator 1 Measured position actuator 2 Failure acknowledgement Reference failure Position failure actuator 1 Position failure actuator 2 Quit is active Actuator 1 not in position Actuator 2 not in position
75 65
50
0 50
0 100
Delivered position to actuator 1 Delivered position to actuator 2
40 100 65 T1_RCH T2_RCH <T1_RCH <T2_RCH
T1_RCH T2_RCH legend:

65 65 xx
measured analog value at input delivered analog value to output values are changing
Description of the signal behavior in case of failure: 1) - The reference positions are changed. - The new reference positions are valid and are delivered to the outputs POS1_OUT and POS2_OUT for the actuators - Timer T1_RCH and T2_RCH are started - The actuators have not yet reached the new position (POS1_M and POS2_M change and are beyond the tolerance range) - NO_POS1 and NO_POS2 will be set therefore - The actuators have not reached valid positions within T1_RCH and T2_RCH. - FAIL_1 and FAIL_2 are set - The safety positions are delivered to the outputs POS1_OUT and POS2_OUT - Quitting - FAIL_1 and FAIL_2 are reset - The reference positions are valid and are delivered to the outputs POS1_OUT and POS2_OUT
- 3-72 -
2)
3)
- Timer T1_RCH and T2_RCH are started 4) - The actuators have reached valid positions within T1_RCH and T2_RCH. - NO_POS1 and NO_POS2 are reset - The new reference positions are not valid because the difference between the reference positions is higher than the parameter MAXDIF - FAIL_REF is set - The safety positions are given to the outputs POS1_OUT and POS2_OUT - The actuators have not yet reached the new position, NO_POS1 and NO_POS2 are set - The actuators have not reached the safety positions within T1_RCH and T2_RCH. - FAIL_1 and FAIL_2 are set
5)
6)
- 3-73 -
3.8.4
Block I/Os
Inputs F_POS_CH Name REF_POS1 Data type INT Description Reference position for actuator 1 Value has to be between 0 and 100, if the value is not valid, FAIL_REF (Reference failure) will be messaged and the safety positions will be issued. Limited between 0 and 100. Input is intended for the fuel actuator! If REF_POS1 is greater than REF_POS2 + MAXDIF, FAIL_REF is messaged; a reversed comparison is not executed. REF_POS2 INT Reference position for actuator 2 Value has to be between 0 and 100, if the value is invalid, FAIL_REF (Reference failure) is messaged and the safety positions are issued. Limited between 0 and 100. Input is intended for air actuator! REF_POS2 can optionally be greater than REF_POS1! MAXDIF is not evaluated at this input MAXDIF INT Maximal difference REF_POS1 - REF_POS2 If REF_POS1 REF_POS2 > MAXDIF, FAIL_REF (reference failure) is messaged. The safety positions will also be issued Limited between 0 and 100. Tolerance atuator 1 Possible tolerance for actuator 1 Limited between 0 and 100. Tolerance actuator 2 Possible tolerance for actuator 2 Limited between 0 and 100. Safety position actuator 1 Position intended for activating the actuator 1 in case of errors Limited between 0 and 100. Safety position actuator 2 Position intended for activating the actuator 2 in case of errors Limited between 0 and 100. Measured position actuator 1 Measured position of actuator 1 Limited between 0 and 100. Measured position actuator 2 Measured position of actuator 2 Limited between 0 and 100.
TOL_1
INT
TOL_2
INT
SAF_POS1
INT
SAF_POS2
INT
POS1_M
INT
POS2_M
INT
- 3-74 -
Name QUIT
Data type BOOL
Description Failure acknowledgement Error acknowledgement Error acknowledgement can only be done by a positive edge on QUIT no effect on standard operation. Time for actuator 1 (reference position change) Time, in which the position change for actuator 2 has to have taken place. Otherwise FAIL_1 is set and the safety positions are issued. Time for actuator 2 (reference position change) Time, in which the position change for actuator 2 has to have taken place. Otherwise FAIL_2 is set and the safety positions are issued. Time for actuator 1 (actuator position change) Time in which the actuator 1 has to have a valid position again if it has been left without a change of the reference position. If this does not happen, FAIL_1 is set and the safety positions will be issued. Time for Actuator 2 (Actuator position change) Time in which the actuator 2 has to have a valid position again if this was left without a change of the reference position. If this does not happen, FAIL_2 is set and the safety positions will be issued.
T1_RCH
TIME
T2_RCH
TIME
T1_NPO
TIME
T2_NPO
TIME
Outputs F_POS_CH Name FAIL_REF Data type BOOL Description Reference failure Reference positions were checked and found invalid. Either the value range 0-100 has not been observed or the difference is too high. Position failure actuator 1 Actuator 1 is in an invalid position after T1_RCH or T1_NPO. Position failure actuator 2 Actuator 2 is in an invalid position after T2_RCH or T2_NPO. Quit is active 1-signal: at input QUIT a 1-signal is set. 0-signal: at input QUIT a 0-signal is set. Actuator 1 not in position 1-signal: actuator 1 is in an invalid position 0-signal: actuator 1 is in a valid position Actuator 2 not in position 1-signal: actuator 2 is in an invalid position 0-signal: actuator 2 is in a valid position Delivered position to actuator 1 Issued position for actuator 1 Delivered position to actuator 2 Issued position for actuator 2
FAIL_1
BOOL
FAIL_2
BOOL
QUIT_ON
BOOL
NO_POS1
BOOL
NO_POS2
BOOL
POS1_OUT POS2_OUT
INT INT
- 3-75 -
3.8.5
Parameters
All inputs of the data type BOOL are initially set to 0. All inputs of the data type TIME are initially set to T#0ms
Safety note Please note that the parameterized safety times comply with the system configuration.
- 3-76 -
Interaction of the Blocks
4 Interaction of the blocks

4.1 Overview
This chapter describes essential points which have to be taken into account when using the failsafe function blocks for burner technology. The different combination possibilities of the blocks are represented graphically. The modular design of the available burner technology function blocks makes it possible to meet your specific requirements. Blocks which are not necessary need not be used. You may not require all the function blocks. If you need additional functions for the specific control of your burner, you must create them yourself by adding further failsafe blocks. The signals from these functions have to be connected with the function blocks for the burner technology.
Gas burner in single operation

F_TIGHTN F_IGNTR
Short description: Before the burner starts the gas tightness test must be carried out. If the gas tightness test is successful, the burner starts. The burner activates the igniter block and the ignition is started. The air dampers are driven to ignition position. After the successful ignition, the air dampers will be opened or regulated for gas operation.
F_GAS_BU
F_AIRD
Oil burner in Single operation

F_OIL_ST F_IGNTR
Short description: With the oil start program the boiler and the oil burner are cleaned of fuel rests. After the cleaning, the oil burner starts and the ignition procedure begins. For this, the air dampers are driven to ignition position, the valves for the ignition fuel are opened and the fuel is ignited. If all conditions are fulfilled, the main fuel valves open and the ignition takes place. If a flame is available in the boiler, the ignition valves will be closed (only if separate ignition gas is used).
F_OIL_BU
F_AIRD
- 4-1 -
Burner in mixed operation

F_TIGHTN
Short description: If gas is used for the start-up, the gas tightness test has to be carried out before the burner can be started. After successful gas tightness test the igniter block is activated by F_GAS_BU and the gas is ignited. When there is a flame, this operation can be changed to oil operation. Start with oil as fuel is also possible. In this case, an oil start program for removing fuel rests with steam is necessary as described previously.
F_GAS_BU
F_IGNTR
F_OIL_BU
F_AIRD
4.2 Connection of the blocks

The burner package is based on modules and can be connected according to different application. The parameterization of the safety relevant times and the connections between the inputs and outputs of the blocks have to be made according to the guidelines for the plant. I must be checked that the requirements which apply to the particular burner plant are met.
4.2.1
Basic configuration
For the configuration of a basic burner plant, the blocks F_IGNTR and F_GAS_BU (for gas burner) or F_OIL_BU (for oil burner) have to be used.
4.2.1.1 Gas burner control

Connection of F_IGNTR and F_GAS_BU: Basic configuration to control a gas burner equipped with igniter burner, main flame detector and ignition flame detector.
Safety note The switch-on, start-up and operation conditions for the ignition and the burner depend on the application and must comply with the respective standards.
- 4-2 -
Connection between F_IGNTR, F_GAS_BU and of the flame detectors: Input (F_IGNTR) IGN_ON SW_COND IGN_OP BU_OP Switching on the igniter Output IGN_ON of F_GAS_BU Switching conditions The main flame detector must not be connected with this input! Igniter in operation and ionization of the ignition flame IGN_OP=0: no flame IGN_OP=1: there is an ignition flame Burner in operation Signal OPEN_V of F_GAS_BU Connect with: Connect with:
Input (F_GAS_BU) SW_INTL
Switch-on interlock AND gate of: - Output IGN_READ from F_IGNTR - Other switching on conditions (depending on the application and corresponding to the guidelines) Start-up interlock AND gate of: - Output DISRUP negated from the igniter block F_IGNTR - Watchdog timing. (s.3.3.2) - Other start-up conditions (depending on the application and corresponding to the standards) Operation interlock AND gate of: - Safety conditions for operation (depending on the application and corresponding to the guidelines) (The signal of the flame detector and the air and gas safety conditions do not have to be connected with this input. There are the inputs GASFIRE, AIRFL_OK and GAS_OK for these signals.) Fire in the boiler - Signal of the flame detector 1-signal: fire in the boiler 0-signal: no flame Igniter in operation Output IGN_OPAT of block F_IGNTR.
ST_INTL
PROTEC
GASFIRE
IGN_OP
- 4-3 -
Example of connection gas burner control

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology - 4-4 -
4.2.1.2 Oil burner control

Operation of F_IGNTR and F_OIL_BU: Basic configuration to control an oil burner equipped with igniter burner, main flame detector and ignition flame detector
Safety note The switch-on, start-up and operation conditions for the ignition and the burner depend on the application and must comply with the respective standards. Connection between F_IGNTR, F_OIL_BU and the flame detectors: Input (F_IGNTR) IGN_ON SW_COND IGN_OP Switching on the igniter Output IGN_ON of F_OIL_BU Switching conditions The main flame detector should not be connected with this input! Igniter in operation and ionisation of the ignition flame Signal from the ignition flame detector IGN_OP=0: no flame IGN_OP=1: ignition flame Burner in operation Signal OPEN_OV of F_OIL_BU Connect with: Connect with:
BU_OP
Input (F_OIL_BU) SW_INTL
Switch-on interlock AND gate of: - Output IGN_READY from F_IGNTR - Other switching on conditions (depending on the application and corresponding to the guidelines) Start-up interlock AND gate of: - Output DISRUP negated by F_IGNTR - Watchdog timing. (s.3.3.2) - Other start-up conditions (depending on the application and corresponding to the guidelines) Operation interlock AND gate of: - Safety conditions for operation (depending on the application and corresponding to the guidelines) (The signal of the flame detector and the air and gas safety conditions do not have to be connected with this input. The inputs GASFIRE, AIRFL_OK and GAS_OK are there for these signals) Fire in boiler - signal from flame detector 1-signal: fire in boiler 0-signal: no flame Igniter in operation Output IGN_OPAT of F_IGNTR.
ST_INTRL
PROTEC
OILFIRE
IGN_OP
- 4-5 -
Example of connection oil burner control
- 4-6 -
4.2.1.3 Mixed operation

Start-up with gas: F_GAS_BU is connected with F_IGNTR as described in section 4.2.1.1. After starting up with gas, oil operation is activated by F_OIL_BU. If a pilot burner is used to ignite the oil burner, F_OIL_BU is connected with F_IGNTR as described in section 4.2.1.2. Additionally, the following connection is necessary. Input (F_OIL_BU) BU_OP Burner in operation Output GAS_OPAT from the block F_GAS_BU Connect with:
In case no igniter burner is used to ignite the oil burner, the following connections have to be made: Input (F_OIL_BU) SW_INTL Switch-on interlock AND gate of: - Switch-on conditions (depending on the application and corresponding to the guidelines) Start-up interlock AND gate of: - Start-up conditions (depending on the application and corresponding to the guidelines) Operation interlock AND gate of: - Safety conditions for operation (depending on the application and corresponding to the guidelines) Fire in boiler - Signal of the flame detector 1-signal: fire in boiler 0-signal: no flame Igniter in operation Signal of the flame detector Burner in operation Output GAS_OPAT of F_GAS_BU Connect with:
ST_INTL
PROTEC
OILFIRE
IGN_OP BU_OP
- 4-1 -
Start-up with oil: F_OIL_BU is connected with F_IGNTR as described in Chapter 4.2.1.2 After starting up with oil, gas operation is activated with F_GAS_BU. If a pilot burner is used to ignite the gas burner, F_GAS_BU is connected with F_IGNTR as described in section 4.2.1.2. Additionally, the following connection is necessary. Input (F_GAS_BU) BU_OP Burner in operation Output OIL_OPAT of F_OIL_BU Connect with:
In case no igniter burner is used to ignite the gas burner, the following connections have to be made. Input (F_GAS_BU) SW_INTL Switch-on interlock AND gate of: - Switch-on conditions (depending on the application and corresponding to the guidelines) Start-up interlock AND gate of: - Start-up conditions (depending on the application and corresponding to the guidelines) Operation pre interlock AND-Operation of: - Safety conditions for operation (depending on the application and corresponding to the guidelines) Fire in boiler - Signal of the flame detector 1-signal: fire in boiler 0-signal: no flame Igniter in operation Signal of the flame detector Burner in operation Output OIL_OPAT of F_OIL_BU Connect with:
ST_INTL
PROTEC
GASFIRE
IGN_OP BU_OP
- 4-2 -
4.2.2
Control of several burners
The main burner is controlled by F_IGNTR and F_GAS_BU or F_OIL_BU as described in section 4.2.1.1 and section 4.2.1.2. Once the main flame is lighted and the main burner is in operation, the block F_GAS_BU does not need any positive signals at the inputs GAS_OK, V_IGNPOS and AD_IGNPOS for starting an igniter by a 1-signal at output IGN_ON. For F_OIL_BU no positive signals are needed at the inputs V_IGNPOS and AD_IGNPOS. The following connections are necessary: Input (F_OIL_BU / F_GAS_BU) Connect with:
BU_OP
Burner in operation Output OIL_OPAT/ GBU_OPAT of F_OIL_BU/ F_GAS_BU
- 4-3 -
4.2.3
Optional blocks
F_TIGHTN This block is used in gas burner controls for which a gas tightness test is required. In this case, the gas burner block cannot be started unless the tightness test has been finished successfully. . Connection between F_TIGHTN and F_GAS_BU The output TIGH_OK has to be connected to the input SW_INTL (switch-on interlock). Input (F_GAS_BU) SW_INTL Switch-on interlock AND- gate of: - negated signal of the flame detector - output TIGH_OK of F_TIGHTN - output IGN_READY of F_IGNTR - other switch-on conditions (depending on the application and corresponding to the guidelines) Connect with: Connect with:
Input (F_TIGHTN) GAS_RUN GAS_OPAT
Gas start-up program is running Output GAS_RUN from F_GAS_BU. Gas burner in operation after "t" Output GAS_OPAT from F_GAS_BU
- 4-4 -
Control of the valves:
F_OIL_ST This block is used in oil burner controls which need a cleaning program. In this case, the oil burner cannot be started unless the program has been finished. Input (F_OIL_BU) SW_INTL Switch-on interlock AND gate of: - negated signal of the flame detector - output END of F_OIL_ST - output IGN_READY of F_IGNTR - other switch-on conditions for the oil burner (depending on the application and corresponding to the guidelines) Connect with:
F_AIRD This block is used for controlling the air dampers Input (F_AIRD) CLOSE_AD Command to close the air damper AND gate of: - negated output GAS_RUN by F_GAS_BU - negated output GAS_OPAT by F_GAS_BU or: - negated output OIL_RUN by F_OIL_BU - negated output OIL_OPAT by F_OIL_BU Drive air damper to ignition position Output GAS_RUN of F_GAS_BU or: Output OIL_RUN of F_OIL_BU Command to open the air damper Output GAS_OPAT of F_GAS_BU or Output OIL_OPAT of F_OIL_BU
- 4-5 -
Connect with:
AD_IGNPOS
OPEN_AD
4.2.4
Additionally necessary blocks
The following blocks of the Distributed Safety Library are called up in the failsafe function blocks and must therefore be provided in the block folder: F_TON ( FB 185) F_TP (FB 184 )
Moreover, for diagnostic purposes, it is recommended to include the following organization blocks in the block folder: Diagnostic Interrupt OB 82 Removing/Inserting Module Interrupt OB 83 (only possible at 416F-2DP) Program Run Error OB 85 Module Rack Failure OB 86 Communication Error OB 87 Programming Error OB 121 I/O Access Error OB 122
- 4-6 -
4.2.5
Further information
4.2.5.1 Information about the burner technology

For general information, an information sheet about burner technology is at your disposal. You can order it at: Tel.: +49 (0)911 895-4759 Fax: +49 (0)911 895-5193 E-Mail: hf-cc@siemens.com
4.2.5.2 General information

Information on configuring and parameterizing the hardware as well as a description how to use STEP7 and the graphical editor (F-FBD or F-LAD) of Distributed Safety are given in the manuals listed below. Automation System S7-300 Failsafe Signal Modules (MLFB: 6ES7 988-8FA10-8AA0) Configuring Hardware and Communication Connections with STEP 7 (MLFB: 6ES7 810-4CA07-8AW0) S7 Distributed Safety- Configuring and Programming (MLFB: 6ES7 988-8FB10-8AA0)
These manuals can be found as follows: Start > Simatic > S7-Manuals as well as Start > Simatic > Documentation.
- 4-7 -
5 Application examples
5.1 Overview
This chapter shows how to use the burner technology failsafe function blocks based on two application examples. Knowledge of STEP and F-FBD/F-LAD required.
5.1.1
Labeling for the interconnection of the burner blocks
To make the description of the interconnections between the failsafe function blocks as clear as possible, each input and output has been assigned a number. Since some connection names are similar or even identical, this is a definite designation and it is easy to understand which inputs and outputs must be interconnected with each other. The designations of the operands may vary depending on which hardware configuration is used. The following abbreviations are used in the interconnection tables in the next sections.
F-Input 2v2 Input F-Output Output xx xx (xx)
- failsafe input with redundant sensor signal - standard input (over F-converter block) - output to a failsafe output module - output to a standard output module - incoming signal from connection xx - outgoing signal to connection xx - see description of interconnection xx
- 5-0 -
5.2 Connection example for gas burner control

5.2.1
No. 1 2 3 4 5 6 7 8 9 10 11 12
Interconnection of F_GAS_BU
Input/ Output I I I I I I I I I I I I I Connection SW_INTL ST_INTL PROTEC STA_GBU STO_GBU GAS_OK GASFIRE V_IGNPOS AIRFL_OK AD_IGNPOS IGN_OP BU_OP QUIT GAS_RUN IGN_ON OPEN_V Description Switch-on pre interlock Type/ Parameter F-interconnection Operand /interconnected with
see (1) below see (2) below see (3) below
Start-up pre interlock F- interconnection Operation pre interF- interconnection lock Command gas burner Input ON Command gas burner F- interconnection OFF Gas criteria fulfilled Fire in boiler with GAS Gas control valve in start position Common air criteria fulfilled F- interconnection F-Input 2/2 F-input 2/2 F- interconnection
see (4) below see (5) below
AND connection of several air conditions Interconnection with AND block
Air damper in ignition Input 2/2 position Igniter operation after "t" Burner in operation Quitting operation interruption Gas start program is running Igniter ON Activation gas valves F-output F- interconnection Input
43
IGN_OPAT Multi-burner
13 14 15 16 17
O O O O O I
20, 35 28 37 21 Output 2 sec
GAS_RUN, PRG_RUN
IGN_ON BU_OP GBU_OPAT
GBU_OPAT Gas operation after "t" PROTEC_F Operation failure TIME_GBU Safety time gas burner
(1)
AND-connection of: - output from gas tightness test block TIGH_OK - output from igniter block IGN_READY - preventilation fulfilled (if not yet connected to the switch-on condition of the igniter so that IGN_READY=1) AND-connection of: - negated output DISRUP from igniter block - run time supervision. (s.3.3.2) AND-connection of: - negated outputs FAIL_ADx from air damper block (optional) - other operation safety conditions OR-connection of: - negated E-Stop signal - failsafe input as OFF switch
- 5-1 -
(2)
(3)
(4)
(5)
AND-connection of: - gas pressure detector - atomization pressure detector
5.2.2
No. 17 18 19 20 21 22 23 24 25 26 27
Interconnection of F_TIGHTN
Input/ Output I I I I I I O O O O O I I I I Connection ST_TT PMIN PMAX Description Start command gas tightness test Type/ Parameter Input Operand /interconnected with
PMIN gas tightness test F-Input 2/2 F-Input 2/2 F-interconnection 16 Input see picture see picture Output see (6) below GBU_OPAT
PMAX gas tightness test Gas start program is GAS_RUN running Gas in operation after GBU_OPAT "t" Quitting gas tightness QUIT test Activation of interim E_VENT ventilation E_FILL V1_N_T V2_N_T TIGH_OK T1_PS T2_PS T_FUEL TFAIL_P Activation filling valve Report SSV1 not tight
Report SSV2/ventilation Output not tight Report tightness test Output successful PS+ must no react PS- must not react Filling up time of valve combination Failure time 40-60sec 40-60sec 5sec 3sec
(1)
(6) AND-connection of: - output gas igniter block GAS_RUN - negated E-Stop signal
- 5-2 -
The following picture shows the interconnection for the control of the fuel valves by the failsafe function blocks F_GAS_BU and F_TIGHTN.
- 5-3 -
5.2.3
Interconnection of F_IGNTR
No. 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
Input/ Output I I I I I I I I I I O O O O O O O I I
Connection IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN
Description Igniter ON
Type/ Parameter
Operand /interconnected with 14

OR connection for more burners
Command igniter test Input ON Command igniter test F-input 2/2 OFF Igniter failure quitting Input Igniter pre interlock fulfilled Switching conditions Other prog. are running Burner in operation F-interconnection F-interconnection see (7) below see (8) below
Ignition flame detector F-input 2/2 F-interconnection F-interconnection F-interconnection 15 13 GAS_RUN see (9) below OPEN_V
RUN_TFAIL Runtime exceeded BU_OP
IGN_READY Igniter ready IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP TIME1 TIME2
F-interconnection (1) Chapter. 4.3.2
Igniter test is running F-interconnection Igniter activated Activation ignition gas F-output valve Activation ignition F-output transformer Igniter operation after Interconnection "t" Safety time pilot burner Drive pulse ignition transformer
11
IGN_OP
Memory ignition error F-interconnection (2) 5 sec 4 sec
(7)
AND-connection of: - Pre-ventilation fulfilled (if not connected to the gas burner switch-on interlock) - E-Stop signal - Limitation of failed start-ups (user's responsibility)
(8) AND-connection of: - Ignition fuel must be present and the respective ignition pressure must be available - E-Stop signal (9) Interconnection ensuring that during the ignition, the maximum possible overall time is not exceeded (in certain cases, a second ignition process is allowed)
- 5-4 -
5.2.4
Interconnection of F_AIRD
The control of the air damper is differently realized in practice. Here, only the operating state of the burner is scanned and used for control. If the burner is at standstill, the air damper is driven to ignition position and opened in operation.
No. 45 46 47 48 49 Input/ Output I I I I I Connection CLOSE_AD AD_IGNPOS OPEN_AD AD_CLOSED AD_MAX Description Close air damper Drive air damper in ignition position Open air damper Air damper closed Ignition position of the air damper. < MAX Ignition position of the air damper > MIN Air damper is open Failure quitting Close air damper Close air damper Open air damper Open air damper Error air damper closed Error air damper open Error sensors Input Input Type/Parameter Operand/interconnected with see Picture see picture see picture
50 51 52 53
I I I O O
AD_MIN AD_OPEN QUIT CLOSE_1 CLOSE_2 OPEN_1 OPEN_2 FAIL_ADC FAIL_ADO FAIL_POS AD_IGNPOS_ OK T1_CLOSE T2_OPEN
Input Input Input Output Output Output Output Finterconnection Finterconnection Finterconnection Finterconnection (3) (3) (3) 10
54
O O
55 56 57 58
O O O O O O
Air damper in ignition position Time to close the air 30 sec damper Time to open the air 30 sec damper
- 5-5 -
5.2.5
Assignment of safety functions

ST_INTL and PROTEC GAS_OK/ PROTEC GAS_OK/ PROTEC ST_INTL and PROTEC ST_INTL and PROTEC/ AIRFL_OK ST_INTL and PROTEC/ AIRFL_OK ST_INTL and PROTEC/ AIRFL_OK PROTEC ST_INTL and PROTEC ST_INTL and PROTEC ST_INTL/ PROTEC/ STO_BU ST_INTL/ PROTEC/ STO_BU / SW_COND ST_INTL and PROTEC ST_INTL and PROTEC PROTEC/ GASFIRE PROTEC/ GASFIRE ST_INTL PROTEC ST_INTL and PROTEC IGN_ON ST_INTL and PROTEC/ GASFIRE BU_OP ST_INTL ST_INTL ST_INTL/ SW_COND RUN_TFAIL ST_INTL/ SW_COND SW_COND
Atomization medium not sufficiently available Gas pressure < Min Gas pressure > Max Power failure Air failure in pre-ventilation Air failure in operation Air monitoring device activated before start-up Limits of fuel/air ratio exceeded Combustion gas exhaust not clear Pressure in combustion chamber > max Off-switch activated Danger switch activated Plant protectors activated Burner swiveled out No flame available at start-up Flame extinguished during operation External light before fuel release Recirculation performance limits exceeded Recirculation fan failed Igniter ON Start gas flame extinguished during stabilization time Multi-burner: main burner in operation Start power > Max. Safety shut-off device not closed Preventilation not successful Ignition time run out Number of ignition attempts > max. Tightness test: Failure
Tightness test: Release in the combustion chamber ST_INTL Main flame detector PROTEC/ GASFIRE Ignition flame detector Atomization pressure detector Air pressure detector IGN_OP (F_IGNTR) GAS_OK AIRFL_OK
- 5-6 -
5.3 Connection example for oil burner control

5.3.1
No. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
Interconnection of F_OIL_BU
Input/ Output I I I I I I I I I I I I I I I I O O O O O O O I I I Connection SW_INTL ST_INTL PROTEC STA_OBU STO_OBU V_IGNPOS OILFIRE OIL_OK Description Switch-on interlock Start-up interlock Operation interlock Command oil burner ON Command oil burner OFF Valves in ignition position Fire in boiler with oil Oil conditions fulfilled Type/ Parameter F-interconnection F-interconnection F-interconnection Input F-input F-input F-input F-interconnection F-input F-input Input F-interconnection 57 F-interconnection 41
Interconnection with AND block See (6) below see (4) below
Operand /interconnected with

see (1) below see (2) below see (3) below
Multi-burner
se (5) below
STV_OPEN Atomizer valve open CSTV_CLO AD_IGNPOS AIRFL_OK IGN_OP BU_OP E_CLEAN QUIT OIL_RUN Blow out valve closed Air damper in ignition position Common air criteria fulfilled Igniter operation after "t" Burner in operation
IGN_OPAT Multi-burner END
Cleaning program F-interconnection ended Quitting operation interInput ruption Cleaning program is running F-interconnection
26, 49,
OIL_RUN, PRG_RUN
OPEN_STV Open atomization valve IGN_ON OPEN_OV OIL_OPAT GCLEAN Switch on igniter Activation oil valve Oil operation after "t" Oil lance blown out F-interconnection F-output F-interconnection 42 51 35 IGN_ON BU_OP OILP_RS
PROTEC_F Operation interruption T1_VDZ T2_ZSI T3_LSI Drainage Safety time oil burner 10 sec 2 sec
Safety time oil burner + 5 sec filling up time
- 5-7 -
(1)
AND connection of: - output from igniter block IGN_READY - preventilation fulfilled (if not yet connected to the switch-on condition of the igniter so that IGN_READY=TRUE) - output END from the oil start-up block (optional or another signal notifying that the cleaning program was carried out) AND-connection of: - negated output igniter block DISRUP - run time supervision. (s.3.3.2) AND-connection of: - negated output Air damper block FAIL_ADx (optional) - necessary air conditions (see AIRFL_OK) - necessary oil conditions (see OIL_OK) OR-connection of: - negated E-Stop signal - input as standard OFF-switch - output OILBU_OF from the block OIL_ST AND-connection of: - oil pre-warming detector - oil lance run in - oil pressure detector - atomization pressure detector AND-connection of: - air pressure detector - air exhaust detector
(2)
(3)
(4)
(5)
(6)
- 5-8 -
5.3.2
No. 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 41 42 43
Interconnection of F_OIL_ST
Input/ Output I Connection OILP_ON OILP_OFF I I I I I I I I I I I O O O O O O I I PROTEC PRG_RUN SW_COND OL_ON IGN_OP OV_CLOS AV_OPEN AP_MIN AD_IGPOS BV_OPEN OILP_RS STPR_ON IGN_ON OILBU_OF BV_OFF END DISRUP BL_TIME T_DISRUP Description Type/ Parameter Operand/ interconnected with
Start cleaning program Input Stop cleaning program F-input Operation interlock Other Programs are running Switch conditions Oil lance run in F-interconnection F-interconnection F-interconnection F-input 57 IGN_OPAT 17 52 Enable OIL_RUN IGN_READY
Igniter in operation after F-interconnection "t" Oil valves closed Atomizer valve open Atomizer pressure > MIN Air damper in Ignition position Steam blow-out valve open Cleaning program is running Activation Igniter Oil burner OFF Steam blow-out valve ON Oil blow-out program ended Error in cleaning program Steam blow-out time Runtime for cleaning program F-interconnection F-interconnection F-output F-interconnection 42 5 F-input F-input F-input Input F-input
Interconnection with AND Block
Reset cleaning program F-interconnection
21
OIL_OPAT
IGN_ON STO_OBU
1,15
SW_INTL , E_CLEAN
0-40m 0-60m
- 5-9 -
5.3.3
No. 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
Interconnection of F_IGNTR
Input/ Output I I I I I I I I I I O O O O O O O I I Connection IGN_ON IGNT_ON IGNT_OFF QUIT INT_FLUF SW_COND IGN_OP PRG_RUN Description Igniter ON Command Ignition test ON Command Ignition test OFF Quit igniter error Igniter pre interlock fulfilled Switching conditions Ignition flame detector Type/ Parameter F-interconnection Input F-input 2/2 Input F-interconnection F-interconnection F-input 2/2 17 OIL_RUN (9) 20 (1)/ 27 OPEN_OV SW_COND Kap. 4.3.2 (7) (8) Operand/ interconnected with 19, 37 several burners
OR connection for
Other prog. are running F-interconnection F-interconnection F-interconnection F-interconnection F-interconnection
RUN_TFAIL Runtime exceeded BU_OP Burner in operation
IGN_READY Igniter ready IGN_TEST IGN_ENGD OPEN_V TRANSF IGN_OPAT DISRUP TIME1 TIME2 Ignite test is running Igniter activated Activation of ignition gas valve Activation of ignition transformer Igniter operation after "t"
F-output F-output F-interconnection 13, 29 (2) IGN_OP
Memory error at ignition F-interconnection Safety time pilot burner 5 sec Drive pulse ignition transformer 4 sec
(7)
AND-connection of: - preventilation fulfilled (if not connected to switch-on interlock oil burner) - E-Stop signal - restriction of failed start-ups (user's responsibility) AND-connection of: - ignition fuel must be present and the respective Ignition gas pressure must be ok - E-Stop signal
(8)
(9)
interconnection ensuring that during the ignition, the maximum possible overall ignition time is not exceeded (in certain cases, a second ignition process is allowed)
- 5-10 -
5.3.4
Interconnection of F_AIRD
The control of the air damper is differently realized in practice. Here, only the operating state of the burner is scanned and used for control. If the burner is at standstill, the air damper is driven to ignition position and opened in operation.
No. 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 Input/ Output I I I I I I I I O O O O O O O O I I Connection CLOSE_AD AD_IGNPOS OPEN_AD AD_CLOSED AD_MAX AD_MIN AD_OPEN QUIT CLOSE_1 CLOSE_2 OPEN_1 OPEN_2 FAIL_ADC FAIL_ADO FAIL_POS AD_IGNPOS_ OK T1_CLOSE T2_OPEN Description Close air damper Drive air damper to ignition position Open air damper Air damper closed Air damper ignition control.< MAX Air damper ignition control > MIN Air damper open Failure quitting Close air damper Close air damper Open air damper Open air damper Error air damper closed Error Air damper open Error sensors Air damper in ignition position Time to close air damper Time to open air damper Input Input Input Input Input Output Output Output Output Finterconnection Finterconnection Finterconnection Finterconnection 30 sec 30 sec (3) (3) (3) 11 Type/ Parameter Operand/ interconnected with see picture see picture see picture
- 5-11 -
5.3.5
Assignment of safety functions

ST_INTL and PROTEC OIL_OK/ PROTEC OIL_OK/ PROTEC ST_INTL and PROTEC / AIRFL_OK ST_INTL and PROTEC / AIRFL_OK ST_INTL and PROTEC / AIRFL_OK ST_INTL and PROTEC / AIRFL_OK PROTEC ST_INTL and PROTEC ST_INTL and PROTEC ST_INTL/ PROTEC/ STO_BU ST_INTL/ PROTEC/ STO_BU/ SW_COND ST_INTL and PROTEC ST_INTL and PROTEC PROTEC/ OILFIRE PROTEC/ OILFIRE ST_INTL PROTEC ST_INTL and PROTEC ST_INTL and PROTEC ST_INTL and PROTEC IGN_ON ST_INTL and PROTEC/ OILFIRE BU_OP ST_INTL ST_INTL ST_INTL/ SW_COND RUN_TFAIL ST_INTL/ SW_COND IGN_OP (F_OIL_ST) PROTEC/ OILFIRE IGN_OP (F_IGNTR) OIL_OK OIL_OK/ PROTEC ( if Operation necessary) AIRFL_OK
Atomization medium not sufficiently available Oil pressure < min Oil pressure > max Power failure Air failure in pre-ventilation Air failure in operation Air monitoring device activated before start-up Limits of fuel/air ratio exceeded Combustion gas exhaust not clear Pressure in combustion chamber > max Off-switch activated Danger switch activated Plant protectors activated Igniter swiveled out No flame available at start-up Flame extinguished during operation External light before fuel release Recirculation performance limits exceeded Recirculation fan failed Oil temperature < min. Oil temperature > max. Igniter ON Start gas flame extinguished during stabilization time Multi-burner: main burner in operation Start power > max. Safety shut-off device not closed Pre-ventilation not successful Ignition time run out Number of ignition attempts > max. Steam blow-out: igniter not ON Main flame detector Ignition flame detector Atomization pressure detector Oil lance Air pressure detector
- 5-12 -
5.4 Failsafe Inputs and Outputs

The following table shows how each of the inputs and outputs of the failsafe blocks is to be connected. Explanation:
F-input 2v2 F-input F-output Failsafe input with redundant sensor Failsafe input output at failsafe output module
For gas burner X X X X X X X X X X X X X X X
Description
Type
Input / Output
Activation ventilation valve Activation main valve Activation oil valve Activation safety valve Activation ignition gas valve Activation ignition transformer Open steam blow-out valve Steam blow-out valve open Steam blow-out valve closed Command gas burner OFF Command oil burner OFF Igniter swiveled out Ignition chamber pressure > MAX External light supervision Gas pressure detector Gas regulation valve start position Main flame detector Emergency stop Switch off oil start-up Oil pressure detector Oil lance run in Oil temperature < MIN Oil temperature > MAX Oil valves closed PMAX gas tightness test (gas supply) PMIN gas tightness test (gas supply)
Actuator Actuator Actuator Actuator Actuator Actuator Actuator Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor Pushbutton Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor
F-output F-output F-output F-output F-output F-output F-output F-input F-input F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input 2v2 F-input F-input 2v2 F-input F-input 2v2 F-input 2v2 F-input F-input 2v2 F-input 2v2
X X X X X
X X X X
X X X X X X X X
- 5-13 -
For oil burner
For gas burner X X X X X
Description
Type
Input / Output
Valves in ignition position Oil pre-warming detector Atomization pressure > MIN Atomization valve open Atomization medium not available Ignition fuel available Igniter test OFF Ignition flame detector Ignition gas pressure < MIN
Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor Sensor
F-input F-input F-input F-input F-input F-input 2v2 F-input 2v2 F-input 2v2 F-input
X X X X X X X X X
- 5-14 -
For oil burner
Support
6 Support
Assistance Should you have any further questions about the products described in the manual, please contact your Siemens partner at your agencies or offices. http://www.automation.siemens.com/partner/
Training Center We offer courses in order to make yourself familiar with the Automation System SIEMENS SIMATIC. Please contact your regional training center or the central training center in D 90327 Nuremberg. Telephone: +49 (0)911 8953200 http://www.sitrain.com/
H/F Competence Center: The H/F Competence Center supports you to all questions regarding failsafe and highly available systems. Furthermore, we help you with the project planning, commissioning or with problems, needless to say, on site. Tel.: +49 (0)911 895-4759 Fax: +49 (0)911 895-5193 Email: hf-cc.aud@siemens.com Inquiries about Safety Integrated (installation, wiring etc.): siss@automation.siemens.com
SIMATIC Documentation in Internet / Siemens-Intranet Documentation can be found free of charge at: http://support.automation.siemens.com Please use the offered Knowledge Manager to find the needed documentation quickly.
- 6-1 -
Notes
7 Notes
- 7-1 -

Burner - Function - Blocks From SIEMENS

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Burner - Function - Blocks From SIEMENS

Caricato da

Copyright:

Formati disponibili

SIEMENS

Important notices Table of Contents Fuel technology and burner package

System and software requirements

Failsafe function blocks for burner technology

Interaction of the blocks

Edition 03/2007 Version v1.0

Copyright Siemens AG 2006 All rights reserved

Siemens AG 2006 Technical data subject to change.

Guidelines for Registration

System and software requirements ............................................................................2-1

Failsafe function blocks for burner technology.........................................................3-1

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Interaction of the blocks ..............................................................................................4-1

Support ..........................................................................................................................6-1 Notes..............................................................................................................................7-1

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Fuel Technology and Burner Package

1 Fuel Technology and Burner Package

1.1 Technologic Scheme

Technical Plan of the Burner Technology

General structure of a burner plant

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Fuel Technology and Burner Package

Generic operation of a burner

1.2 Burner Package Functionality

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Fuel Technology and Burner Package

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Fuel Technology and Burner Package

1.3 What is new in version 5.4?

Function changes in the blocks

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Fuel Technology and Burner Package

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

System and software Requirements

2 System and software requirements

2.2 Safety requirements

2.3 Principle of the safety functions

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

System and software Requirements

2.5 Safety parameters of the function blocks

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

3 Failsafe function blocks for burner technology

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

Installation in Cyclic Interrupt- OBs

Use of data blocks

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

3.2 Failsafe function block gas tightness test (F_TIGHTN)

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

Test phase 2 of the tightness test

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

#OPEN_V: #E_FILL: #E_VENT:

OPEN_V from F_GAS_BU E_FILL from F_TIGHTN E_VENT from F_TIGHTN

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology

SIMATIC S7-Distributed Safety - Failsafe Function blocks for burner technology

Failsafe function blocks for burner technology