05411729

1342 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 59, NO. 5, MAY 2010

On the Implementation and Performance Assessmentof a WirelessHART Distributed Packet Analyzer

Paolo Ferrari, Member, IEEE, Alessandra Flammini, Member, IEEE, Daniele Marioli, Member, IEEE,Stefano Rinaldi, Member, IEEE, and Emiliano Sisinni, Member, IEEE

Abstract—Wireless sensor networks are nowadays a reality. Thewide consensus gained by the IEEE 802.15.4 standard has facili-tated the adoption of wireless links not only in the consumer worldbut also as a valid replacement of traditional wired industrialnetworks. In particular, the physical layer specs of IEEE 802.15.4comply with the critical requirements of industrial applicationsas low cost and low power. The most remarkable example of thisstrategy is WirelessHART (WH), which is the first wireless fieldbusbased on an open standard and specifically designed for processmeasurement and control applications. It uses traditional IEEE802.15.4 radios but adopts a synchronized time-division medi-um-access strategy and relies on HART protocol for the upperlayers. Its mesh topology allows for efficient and reliable coverageof large areas. It was presented in September 2007, but testspecifications have officially been released just a few months ago,together with the announcement of the “Wireless Test System,”which is only available to HART consortium members. In thispaper, the authors deeply discuss the design and performance ofa new and innovative packet analyzer purposely designed for theWH protocol. To the authors’ knowledge, it is the first instrumentthat pursues a distributed approach so that it can be used bothfor laboratory tests and for on-the-field measurements duringthe plant commissioning. It is capable to simultaneously scanall available RF channels and to furnish packet timestampingwith accuracy on the order of microsecond, as verified by anextensive measurement campaign. In addition, a dissector forthe well-known WireShark software has also been implementedand described, providing a very simple and intuitive analysis.Moreover, the proposed instrument has been interfaced with apreliminary version of the analysis software supplied by the HARTconsortium.

Index Terms—Intelligent sensors, time synchronization, Wire-lessHART (WH), wireless fieldbus, wireless sensor network.

I. INTRODUCTION

THE world of industrial communications shows an increas-ing interest toward wireless fieldbuses, that is, the use of

wireless communications to interconnect devices at the fieldlevel: sensors, actuators, instruments, controllers, and so on. Inaddition to proprietary solutions, some standards are emerging,like WirelessHART (WH) or ISA100 [1], [2]. The goal ofboth proposals is to establish a wireless communication stan-dard for process automation applications. The widely known

Manuscript received June 30, 2009; revised November 6, 2009. First pub-lished February 1, 2010; current version published April 7, 2010. The AssociateEditor coordinating the review process for this paper was Dr. V. R. Singh.

The authors are with the Department of Electronics for Automation, Uni-versity of Brescia, 25123 Brescia, Italy (e-mail: [email protected];[email protected]; [email protected]).

Color versions of one or more of the figures in this paper are available onlineat http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TIM.2010.2040907

ZigBee, on the contrary, seems unsuitable for this applicationfield as it has not been specifically designed for reliable real-time cyclic communications [3]. Although ZigBee, WH, andISA100 use the same physical level of IEEE 802.15.4, theydiffer a lot concerning the medium access control (MAC) level,practically impeding the use of common devices and tools. Forinstance, both WH and ISA100 are mesh solutions adoptingfrequency agility and power adaption to improve the com-munication reliability. Thus, commercial available distributedprotocol analyzers (e.g., the Q51 from Exegin [4] or the 2400-SNA from Daintree [5]) cannot be used since they are designedfor IEEE 802.15.4 and are not able to simultaneously listen toall the available channels. Starting from this consideration, theauthors’ work has been focused on WH, whose specificationsare available since September 2007. Until now, instrumentsspecifically designed for the commissioning or diagnosis ofWH systems are still lacking. Most of the published worksrefer to simulation results and not to real-world experiments [6],[7]. Some customizable and multistandard analysis tools havebeen proposed in the past, like the one from Peryton (availablealso for multiple channels hearing [8]), but only the HARTconsortium has recently announced an instrument purposelydesigned for the compliance verification of WH devices [9],[10]. The core of this system is the “Wi-HTest,” which is an em-bedded PC based on Linux that executes conformance scripts.The other components are the “Wi-Analys,” which implementsthe wireless interface, and the postprocessing software thatanalyzes the traffic collected over the air. These tools are veryuseful for laboratory testing (since we are in early days of WH,a lot of debugging work must be done!) but cannot be employedfor on-the-field measurements. In particular, a single-probeinstrument has many limits in a real industrial plant, where alarge area can be covered by means of the mesh topology. Thisway, only a single hop of the network can be analyzed, being thearea coverage of the instrument itself on the same order of thearea coverage of single devices. On the contrary, a noninvasivedistributed diagnostic tool could be deployed in the plant duringnormal operations, furnishing a useful feedback to the networkmanager for the design of the best graph routing and for theadjustment of the mesh parameters (e.g., the ability of a WHnode to tune the transmitting power can effectively be usedonly if there is an instrument able to simultaneously measurethe quality of communication in several points of the plant).

In this paper, the authors detail the design and show theperformance assessment of an innovative distributed instrumentbased on the architecture guidelines proposed in [11]. The mainaim of this paper is the definition of a low-cost instrument

0018-9456/$26.00 © 2010 IEEE

FERRARI et al.: ON THE IMPLEMENTATION AND PERFORMANCE ASSESSMENT OF A WIRELESSHART DISTRIBUTED PACKET ANALYZER 1343

designed using commercial hardware. The proposed solutionis capable to collect (over a wide geographical area) wirelesstraffic simultaneously present on all the available RF channels.An important aspect is the capability to precisely timestampthe arrival of a new packet to verify the respect of time slotassignment. The additional goal of this paper is to furnisha valid system to show and analyze collected data. For thispurpose, an interface toward a popular “sniffing” tool (Wire-Shark) has been designed. The capability to use the Wi-Analyssoftware tool provided by the HART consortium has also beenverified. This paper is organized as follows: In Section II, a briefoverview of the WH characteristics is reported. In Section III,the architecture of the new distributed instrument, which can beused for both diagnostic and commissioning of WH systems, isdetailed. In Section IV, the probe implementation is discussed,and in Section V, the software running on the monitor stationis introduced. Finally, in Section VI, the results of an extensivemeasurement campaign for assessing the performance of theinstrument are reported, whereas Section VII contains someconcluding remarks.

II. WIRELESS HART STANDARD

WH is an extension of the well-known and widespread wiredHART protocol; it preserves backward compatibility and offersnew possibilities due to the greater flexibility and scalabilityof wireless networking. As previously stated, it is mainlydevoted to process automation; for this reason, WH supportsapplications that have a minimum cycle time on the orderof seconds. It is a time-synchronized ultralow-power meshwireless fieldbus. To maximize reliability, it uses frequencydiversity, time diversity, and spatial diversity and allows theadaption of the transmitting power. The WH specificationsfollow the Open System Interconnection layers and containPHYsical, Data Link (that includes MAC), and NetWorK lay-ers. The Transport and APPlication layers are the same forboth wired and wireless HART. WH has also been approved asan International Electrotechnical Commission Public AvailableStandard by the recently formed Working Group 16 withinthe Standard Committee SC65C for Industrial Communi-cations [12].

A WH network is formed by one and only one active networkmanager, which is supported by the security manager for thedistribution of encryption keys. At least one gateway intercon-nects field devices with the plant automation system. However,not every device must have an active role in the communication(i.e., source or sink), but there are also routers, handheld devices(used for commissioning and/or maintenance purposes), andadapters (used to connect legacy hardware with the wirelessnetwork).

With regard to the physical layer, the IEEE 802.15.4-2006has been chosen, i.e., physical devices compliant with thisstandard can be used to implement WH nodes. This impliesthat modulation schemas are exactly the same, but all the otherprotocol layers are different; there is no compatibility betweenthese standards, and interoperability has to be realized at theapplication layer. For instance, WH supports only 15 of the16 channels of IEEE 802.15.4 (the last one is avoided), and a

black list can be created by the network manager to avoid somefrequency channels and improve coexistence.

The MAC layer protocol is based on a hybrid use oftime-division multiple-access and slow frequency-hopping ap-proaches. All nodes participating to the network must sharethe same sense of time, i.e., they must all be aligned tothe same superframe structure, which is made up of a fixednumber of 10-ms-wide timeslots. In particular, two (or more)devices can communicate only if they share a “link.” Each linkcontains not only a reference to the neighbors involved in thecommunication but also the slot number within the superframe,the direction of the communication (transmit/receive), the linkcharacteristics (e.g., shared/dedicated, since a clear channelassessment mechanism is provided), and the initial communica-tion channel. The latter parameter and the absolute slot numberare needed to calculate the active channel to be used in thecurrent link. Time synchronization is achieved by exploitingpair-wise exchange of time information within data messagesand their acknowledges, followed by a comparison of the actualpacket arrival times (in the node time reference) with respect tothe theoretical times (in the network manager time reference).

The routing of data packets is based on graph routingrather than on (optional) address routing. Each pair of nodesis interconnected by a graph, i.e., the ensemble of directedlines that connect them. Both upstream (toward the gateway)and downstream graphs are used in WH. Only the networkmanager, which is responsible for correctly configuring eachgraph, knows the entire route; the graph information within anode only indicates the destination of the next hop.

III. ARCHITECTURE OF THE PROPOSED INSTRUMENT

The proposed distributed instrument is based on the deploy-ment of several “probes” interconnected by a wired measure-ment network (namely, an Ethernet link). An overview of thesystem is depicted in Fig. 1. The aim of each probe is to sniffand collect traffic over the air, which is compliant with the WHspecifications, to give significant information on the correctbehavior of the wireless network under test.

Each probe has a modular organization and can host aminimum of two transceivers compliant with the IEEE 802.15.4physical layer. This way, it is possible to simultaneously sniffboth the active channel of the current timeslot and the activechannel of the next time slot. Information on the frequencymap can be obtained from the network manager, which mustalways be present, or from the engineering software duringthe commissioning. Up to 15 transceivers can be managed,allowing for the simultaneous scanning of all the availablebandwidth.

The proposed instrument probe is not only able to log trafficbut can also acquire physical input signals with the sametimestamping reference. This feature can be used to measure theperformance of the application layer. For instance, it is possibleto measure the delay between an event (monitored on the inputline) and its notification over the network.

An arbitrary number of probes, e.g., each one covering adifferent area of the plant, can be deployed; their number islimited only by the available bandwidth of the “measurement


Fig. 1. Architecture of the proposed instrument.

network.” Logged data, timestamps, and ancillary data (asincoming signal power . . .) are encapsulated within a UserDatagram Protocol (UDP) packet to be viewed and collectedwith traditional sniffing tools. The subsequent data analysis canbe performed by means of user-developed software, as betterexplained in Section V.

Obviously, the bandwidth available for each probe must behigher than the aggregate traffic coming from all the channels;however, this is not a “real” problem since the maximum theo-retically available bandwidth of the network is about 4 Mb/s.In a more realistic situation, where the maximum packet(133 Bytes) and its ACK (26 Bytes) are transmitted togetherwith about 60 B of ancillary data per WH link, the overallbandwidth is lower than 3.5 Mb/s (15 channels, 2296 bits in10 ms for each channel). According to these considerations,up to 50 probes can be interconnected together using a giga-bit Ethernet link as the measurement network (considering areasonable throughput of 200 Mb/s).

The monitor station has relaxed constraints since its tasks donot need a real-time execution. In fact, the monitor station’smain task is to store and elaborate all the incoming data. Thus,the only critical point is the system bandwidth, which is theability to manage all the data without dropping frames. Anadditional task of this device is to configure the measurementnetwork and to transfer probe parameters, such as probe ID,synchronization methods, etc. Moreover, this station has toexchange information, such as network configuration or en-cryption keys, with the WH network and the security managers.These data are useful for the analysis of the collected data. Themonitor station can be implemented by a dedicated sniffing toolrunning on a traditional PC.

Another key point is the time synchronization amongprobes; a high-accuracy synchronization is required to com-pare timestamped traffic coming from different probes in themeasurement network. As also suggested in [13], two differentmethods can be implemented; the sync signal can be transmit-ted by wire or over the measurement network. In the first case,all the probes have a dedicated wire carrying a 1-pulse-per-second (PPS) signal used for synchronization. In the secondcase, the time reference is distributed using network protocols(e.g., IEEE 1588 PTP [14]) through the measurement network.In the proposed solution, each probe can be connected to a GPS

receiver or to other 1-PPS sources. Moreover, any probe canact as the reference time source and distribute that reference toother probes.

IV. PROBE IMPLEMENTATION

Probe implementation of the proposed distributed instrumentaffects cost, compactness, overall instrument capability (e.g.,the maximum number of probes), and particularly synchro-nization performance. Each probe can easily be realized usingcommercial available transceivers compliant with the IEEE802.15.4 specs (no matter the vendor), managed by a supervisorfield-programmable gate array (FPGA). The block diagram ofa single probe is illustrated in Fig. 2. The FPGA (Stratix-IIfrom Altera) manages the RF transceivers and the monitoringport “M Port”; an additional “AUXiliary Port” is provided asinput/output port for synchronization signals, e.g., GPS or 1-PPS. A buffer memory is used to temporary store sniffed data.

It must be remembered that the physical interface toward ageneric IEEE 802.15.4 transceiver is not standardized; in otherwords, there is no equivalent of the media independent interface(G-MII for the gigabit version) of Ethernet or host controllerinterface of Bluetooth. However, transceivers are usually ac-cessed as slaves by means of a synchronous serial interface [i.e.,serial peripheral interface (SPI)] supported by very few controllines. In addition, some transceivers also provide a digital linesignaling the arrival of a new packet; in the following, such aline is called SFD since it can be related to the detection ofa “start frame delimiter” field within an IEEE 802.15.4-PHY-compliant packet.

Each transceiver has its own dedicated SPI controller andan “input capture” facility to sample the SFD line (within the“Port X logic & Timestamping” block of Fig. 2). This choiceaffects resource utilization, but it allows for a modular approachthat improves performance. A more detailed description canbe found in [11]. In particular, the MC13192 from Freescalehas been used in the actual prototype as the RF transceiver.Supposing to realize a packet analyzer with 15 radio modules,all channels can simultaneously be scanned, and all incomingpackets can be timestamped with the same reference time.

All the blocks are interconnected by means of an internalbus and are linked to a “supervising and synchronization block”


Fig. 2. Detailed block diagram of the instrument probe.

Fig. 3. Encapsulation method (field lengths are in bytes).

(SSB) that embodies a CPU soft core (32-bit NIOS2 IP core).An optional direct memory access peripheral could be imple-mented to further improve the throughput. The SSB exchangesconfiguration parameters with the monitor station through themeasurement network (Port M). This very small amount ofnontime-critical data does not affect the measurement networkbandwidth and performance. By means of configuration mes-sages, probe properties (e.g., addresses, sync method, probestatus, etc.) and recording settings (e.g., logging filters, datadecryption, etc.) can remotely be written or read. However,the SSB not only manages the probe configuration but alsohandles the synchronization protocol. It implements the IEEE1588 PTP [14] over the Ethernet link (Port M, handled bya hardcoded module within the FPGA). To support an accu-rate clock synchronization over Ethernet, an Ethernet MACblock with PTP support (enclosed within the “Port M logic& Timestamping” block) has been implemented. This moduleprovides several services useful to PTP stack, such as thehardware timestamping of incoming and outcoming PTP frame.In addition, if needed, the SSB handles the GPS or other wiredsynchronization signals, which is cited as “Sync I/O” in Fig. 2.Referring to the same block diagram, these synchronizationmethods adjust the “Local Time Reference,” which fed all thetimestamping blocks.

Fig. 4. WireShark with WH dissector screenshot.

It must also be remembered that all WH packets are en-crypted. Since the sniffer passively scans the radio channels,the decryption can easily be performed “offline” by the mon-itor station. In addition, nowadays, several transceivers withan onboard encryption/decryption engine are available, likethe MC1322X from Freescale [15]. In any case, probes mustreceive keys only from the monitor station (see Fig. 1) toimprove security.


Fig. 5. HCF WiAnalys tool used to show data collected by the proposed instrument.

TABLE IRESOURCES REQUIRED BY THE CURRENT PROBE IMPLEMENTATION

V. ANALYSIS SOFTWARE OF THE MONITOR STATION

The monitor station may be implemented by means ofa traditional PC with a 100/1000 BaseT Ethernet port. Tosimplify as much as possible the system and lower theoverhead—maximizing the number of managed probes—packets collected by each transceiver are encapsulated withinan UDP/IP packet. As previously stated, the WH standardimposes encryption for all communications. If decryption isnot hardware implemented, then the sniffed data are made upof raw encrypted packets, and the decryption process mustbe implemented offline by the analysis software. In any case,this means that ciphering keys must be known by the monitorstation. This in turn implies that communication between thesecurity manager, the network manager, and the monitor stationmust take place. Usually, both managers are logical devicesrunning on the same hardware. In addition, they are realizedby the same manufacturer, and communication between them isusually proprietary and not available to third users (e.g., EdgeSystem Manager SM4800 from Nivis [16] or SenzaNMP fromE-Senza [17]).

Fig. 6. Developed probe.

Even if these aspects are not explicitly treated in this paper,an extension of HART commands, including also debuggingtools, could be provided according to the need. This way, allactors in the network could be seen as HART devices andcould use the standardized “HART TCP/IP communicationinterface” to share information. The latter specification, whichis yet in the draft state, contains the definitions of how standardHART and WH application layer commands must be sent overa Transmission Control Protocol (TCP)/IP transport. At thepresent, a proprietary application protocol within the UDP/IPsuite has been implemented for prototype testing.

As stated in the previous section, a preliminary filtering ac-tion can be performed by the SSB, which can be programmed towork in promiscuous mode or to log packets sent by a particularnode. Subsequently, raw incoming packet data and ancillaryinformation constitute the payload of an UDP/IP packet, asshown in Fig. 3.

In particular, the “Sniffer Header” starts with a “Type” fieldthat has a twofold meaning. In fact, it not only qualifies the pay-load type as WH data but also allows for a command–responsecommunication mechanism between the monitor station andthe probes. For instance, filters to be applied are sent thisway, i.e., the monitor station sent a “Filtering” command andputs filter parameters in the data field; after that, the probeanswers, replicating the packet as an acknowledgment. Sincethe payload can be of variable length, its dimension is specified


Fig. 7. Detail of a single data transfer.

in the “Length” field. The “DevId” field is a unique identi-fier of each member of the monitoring network. The “LQI”field reports an indication of the link quality, exploiting theavailability of a link quality indicator computed by every IEEE802.15.4-PHY-compliant transceiver. The “Probe Status” fieldis used to notify anomalies in the probe functioning and forspecial event notification. As regards the timestamp, if theadopted transceiver performs timestamping on its own (e.g., theMC13192), a 4-B-long field “Timestamp 802.15.4” is added tosend this information to the monitor station. Anyhow, an 8-B-long “Timestamp” field, which was computed by the “Port logicand Timestamping block” shown in Fig. 2, is also included. Theformat is compatible with the IEEE 1588 specs since it has twosubfields: 1) seconds and 2) nanoseconds.

Once the monitor station has received a new packet, it mustextract the payload and offer an appropriate user interface.The authors decided to improve the capability of a widespreadpacket analyzer tool (namely, WireShark) by developing adissector for the WH protocol. WireShark is an open-sourcereal-time packet analyzer widely accepted by both academicand industrial worlds. It features detailed packet analysis andfiltering for TCP–UDP networks and offers a lot of statisticalplugins. However, it also provides a very good framework foranalyzing any type of packetized network, being the code freelyavailable for modification by the public. In particular, since themonitoring network already exchanges UDP packets, only thepacket analysis portion of WireShark must be modified. Thissection is addressed as “dissector,” since it contains the logicfor dissection of packet contents; it works in a hierarchicalway, with different dissectors that analyze different parts of thepacket data. Modularity and scalability of the monitor stationimply that the realized instrument is not strictly devoted to WHanalysis, but it can easily be fitted to other communication stan-dards (IEEE 802.15.4-PHY based), like the ISA100 proposal.More details on the WireShark environment can be found in thedescription of the instrument that the authors have designed forreal-time Ethernet analysis [13]. In Fig. 4, a screenshot of theWireShark with the WH dissector is shown.

Another possibility has also been verified. Since the pre-liminary version—the only one in the authors’ possession—ofthe Wi-Analys Tool from the Hart Communication Foundation(HCF) consortium has a plain text log file, an application able totransform the authors’ instrument log file into that accepted bythe Wi-Analys has been realized. For instance, Fig. 5 shows anexample acquisition obtained with the same test bed describedin Fig. 9, where the type of incoming packet, the time of arrival

TABLE IIOFFSET ERROR BETWEEN THE TWO PROBES WITH DIFFERENT

SYNCHRONIZATION METHODS

and the elapsed time (both with nanosecond resolution), theLQI, the packet status, and the RF channel are highlighted.

VI. RESULTS

Prototypes have been realized around the NIOS2 de-velopment kit by Altera, which were equipped with anEP2S60F672C3 Stratix II FPGA (60 k LE). An extension boardhas been designed to host the MC13192 transceivers, evenif, as previously stated, this is not a real constraint, and allcommercial available devices can easily be adapted.

The resource occupation of the FPGA is summarized inTable I. The complete system occupies less than 40% of all theavailable FPGA logic elements and about 10% of the FPGARAM. Obviously, most of the available resources are used toimplement the 15 SPI controllers, one for each channel used bythe WH.

As an example, Fig. 6 shows the development board togetherwith a four-transceiver extension card.

Some additional measurements have been performed to esti-mate the time needed to move incoming data from the trans-ceiver toward the Ethernet port. In particular, since we usethe streaming mode [11], WH packets are transferred over theSPI link in 2-B blocks; after each block transfer, the Ethernetbuffer is filled. A resuming picture is depicted in Fig. 7. Thepreliminary SPI transfer is needed to clear the RX interrupt(only once per packet), whereas the second transfer reads thefirst two data bytes of the incoming packet. These operationsare executed in hardware by the SPI controller and do not affectthe performance since they are executed in parallel for all the


Fig. 8. Experimental setup for the estimation of the probe synchronization accuracy.

channels. On the contrary, the real constraint is the time elapsedin the Ethernet buffer transfer, which is sequentially executedfor all the transceivers under the control of the SSB. As shownin the same figure, this transaction requires 700 ns, and allavailable channels can be scanned within about 10 μs withoutlosing any packet.

A. Probe Synchronization

In a distributed instrument, it is essential to provide mech-anisms for synchronizing the time reference of devices. Inthe special case of a packet analyzer, it is important to offerproper synchronization methods to ensure consistency of time-related information gathered along the network, such as frametimestamps. In fact, only in this way is it possible to makethe correct analysis on the collected data. For this reason,great attention has been paid to the characterization of probesynchronization.

The synchronization capability can be maximized using anexternal signal provided by a pulse generator (Agilent 33220A,with cables of equal length) that is used as the time reference. Inother words, it mimics a 1-PPS reference signal. Two differentprobes must track this signal, compensating local time varia-tions and generating an output signal. The offset between the1-PPSout output signals of the two probes has been measured,resulting less than 100 ns (standard deviation computed over10 h is 16 ns), as shown in the first row of Table II.

Obviously, synchronization with a reference signal like the1 PPS is cumbersome in industrial environments, and a fullynetworked solution should be preferred. For this reason, thePTP-based solution has been tested. A preliminary test hasbeen performed linking the two probes with a cross cable,where the first probe was the master, and the other probe wasthe slave. The second and third rows in Table II refer to aPTP synchronization achieved with a synch interval of 1 and2 s, respectively. The offset error is greater than using the1-PPS signal, but no dedicated lines are needed except themeasurement network (in this case, a 1000Base-T link). Finally,the last row in Table II refers to a more realistic scenario, whereboth probes belong to a switched network (star topology). Theexperimental setup is shown in Fig. 8: a 10/100-Mb/s switchfrom Hirschmann (MICE-MS30), which can also act as the

Fig. 9. Experimental setup used to characterize the RF transceivers.

PTP master, has been used. Obviously, a 100Base-T switchdecreases the whole network rate, but it does not affect syn-chronization performances. Until now, very few applicationsrequire PTP over gigabit Ethernet, and devices supporting it areextremely rare and expensive [18]. Additional measurementswith different network loads have been performed without asignificant increase in the offset error, even with full rate traffic(i.e., a unidirectional flow of 197-B-long frame for over-the-airdata followed by 90-B-long frame for over-the-air ACK packetevery 10 ms).

B. Transceiver Characterization

Several tests have been carried out during the developmentphase to characterize the transceiver used in the sniffer im-plementation (Freescale MC13192). The experimental setupused for transceiver characterization is shown in Fig. 9. Atraffic generator compliant with IEEE 802.15.4-PHY specs hasbeen implemented. It has been designed around an XBee RFmodule from Digi, which consists of a microcontroller HSC08and a MC13192 transceiver, both from Freescale. This choicehas been dictated by the absence of any commercial availablesolution based on WH at the writing time. Particularly, dur-ing characterization experiments, the microcontroller has beenconfigured to generate an IEEE 802.15.4 frame (29 B) every500 ms.

In the first experiment, only one MC13192 transceiver(Rx A) has been evaluated, whereas the other transceiver (RxB) has been removed from the extension board. To characterizethis device, the receiving delay, i.e., the time difference between


Fig. 10. (a) Histrogram of the relative frequency of the MC13192 “receiving delay.” (b) Signal representation by means of persistence on a Digital StorageOscilloscope (DSO).

the commutation of the digital line “Tx_req”—driven by thetraffic generator at the beginning of a new transmission—andthe commutation of the “SFD1” signal—generated by the re-ceiver when a new message is received—has been measuredusing a high-stability counter (Agilent 53132A, option 010). Asexplained in Section IV, the latter signal is called SFD since itcan be related to the detection of the incoming packet SFD field.The distribution of the receiving delay signal has been reported(10 000 measurement samples) in Fig. 10(a), together withthe signal acquisition performed with an Agilent MSO6104Adigital storage oscilloscope with digital persistence turned onin Fig. 10(b). The average receiving delay is 800 μs, whereasthe maximum jitter is less than 5 μs. This offset is mainly dueto software delay in the transmitting node. The distribution isalmost uniform, and the maximum deviation from the averagevalue is 2.2 μs.

C. Timestamping Assignment Accuracy

One of the most important and probably sensitive activities ofa packet analyzer involves the assignment of the time referenceto each captured frame. Only in this way can one consistentlyrelate the events that occur on the network. For this reason, akey point of the test phase is the characterization of the probetimestamp assignment accuracy.

As explained in Section IV, the packet timestamp assignmentoccurs on the rising edge of the signal provided by the trans-ceiver to identify the detection of an incoming frame (the SFDsignal). Thus, the timestamping assignment accuracy of theinstrument can never be better than the accuracy of this signal.Consequently, it is important to characterize the behavior of thetransceiver when it receives a frame. The experimental setupconsists of the same traffic generator previously described andtwo MC13192 transceivers listening to the same RF channel.The adopted experimental setup is shown in Fig. 11. Thepacket length is 133 B, i.e., the maximum allowed by the IEEE802.15.4-PHY constraint. A digital delay line implementedwithin the FPGA has been adopted to postpone SFD1 withrespect to SFD2 to use the start–stop mode of the high-stabilitycounter (Agilent 53132A, option 010). This way, it is possibleto neglect the effects of jitter in the transmission path sincethe measurements performed can be represented by the randomvariable (RV) T as

T = (T2 + Δ) − T1 (1)

Fig. 11. Experimental setup for the estimation of the transceiver timestampingaccuracy.

where RVs T1 and T2 describe the incoming packet SFDdetection time by RXA and RXB, respectively, and RV Δdescribes the behavior of the digital delay line.

It is well known that if Xi=1,...,n are independent RVs, thenthe expected value of Y = ΣXi is E[Y ] = ΣE[Xi], whereasthe probability density function (pdf) pY (x) is simply theconvolution of the pdfs of X1,X2, . . . , Xn, that is,

pY (x) = pX1(x) ∗ · · · ∗ pXn(x). (2)

Moreover, if X0 = X − E[X], and δ is the Dirac delta func-tion, then it is also valid the following:

pX(x) = pX0(x) ∗ δ (x − E[X]) . (3)

To characterize the jitter in the SFD detection (which gives abound to the overall timestamping accuracy), it can be usefulto emphasize the behavior of the RV T with respect to itsaverage value. According to the definition given in (1), E[T ] =E[T2] − E[T1] + E[Δ]. If the following RVs are derived,i.e., T10 = T1 − E[T1], T20 = T2 − E[T2], and Δ0 = Δ −E[Δ], then it is possible to use (2) and (3) to obtain

pT0(x) = pT10(x) ∗ pT20(x) ∗ pΔ0(x). (4)

Equation (4) gives the pdf of the RV T0 = T − E[T ]. If bothtransceivers in RXA and RXB were identical, then pT10(x) =pT20(x) = pT12(x), and E[T ] = E[Δ]. For this reason, thecontribution of Δ has preliminary been measured using thecounter. The distribution of Δ, as obtained from a 6000-sample acquisition, can be considered uniform in the range


Fig. 12. (a) Histogram of the relative frequency of timestamping difference T0 between the two transceivers RXA and RXB. (b) Involved signals collected by aDSO with persistence.

U [〈Δ〉 − 10 ns, 〈Δ〉 + 10 ns] around the mean value 〈Δ〉 =200 μs imposed by design (U [a, b] is the uniform pdf existingin the range from a to b).

However, |E[T ] − E[Δ]| �= 0 results from all the experi-ments we executed. In detail, for all the measurements, thelimit |E[T ] − E[Δ]| ≤ TCK = 62.5 ns is true, where TCK isthe nominal period of the local oscillator of the transceiver. Thisbehavior is probably due to the different conditions in which thetransceivers operate with the algorithms that recover carrier andclock (e.g., uncorrelated clock sources . . .). Anyway, since theexperimental campaign has shown that the support of pΔ(x)is much smaller than the support of pT12(x), it is possibleto ignore its contribution and simplify the definition of pT (x)according to (3) and (4) as

pT (x) = pT0(x) ∗ δ (x − E[T ])

≈ pT12(x) ∗ pT12(x) ∗ δ (x − E[T ]) . (5)

This confirms that the proposed testbed makes it possibleto estimate the timestamping behavior of a generic singletransceiver T12 starting from measurements of T, avoiding anyunknown contribution due to jitter in the transmission path.

Fig. 12 shows the behavior of RV T0 resulting from a6000-sample acquisition. Comparing these experimental datawith the theoretical triangle distribution (red line superimposedin the same figure) obtained as convolution of two uniformdistributions, it is possible to state that the SFD detection per-formed by this device (MC13192) can be considered uniformlydistributed in the range from ±2 μs, i.e.,

pT12MC13192(x) = U [−2 μs, 2 μs]. (6)

It is also important to verify that the timestamping logicimplemented in the FPGA does not add any additional jitter.For this reason, the previous experimental setup has been usedto compare the time behavior of the digital line SFD and thebehavior of corresponding timestamps computed with the localreference time. Table III reports the summarizing results aboutthe overall timestamping assignment accuracy obtained withthe experimental setup shown in Fig. 13. The first row in thistable refers to the results already shown in Fig. 12, whereasthe second row is obtained by evaluating the distribution oftimestamping available through the measurement network and

TABLE IIITIMESTAMP ASSIGNMENT ACCURACY

collected by the WireShark program during the same observa-tion interval. It is evident that the timestamp logic does notsignificantly affect the accuracy of the system, whose mainlimitation remains the transceiver capability to detect the arrivalof an incoming packet.

The same conclusions are also inferred by observing Fig. 14,showing the behavior of three transceivers (S2, S3, and S4)with respect to a fourth reference device (S1). The distributions,obtained with a 6000-sample acquisition, illustrate the samebehavior in Fig. 12, confirming that the “input capture” imple-mented in the FPGA do not significantly alter transceiver signaldetection. This “cross analysis” also justifies the assumptionthat transceiver behavior is identical for every device hosted inthe probe.

This last experimental campaign also highlights the capabil-ity of the proposed instrument to simultaneously collect 133-B-long packets sent with a 100-Hz rate on four channels. In fact,it does not matter that all the transceivers are tuned on the sameRF channel; this choice is only dictated by the need to alignacquisitions of all transceivers with respect to the same packetwithout affecting the generality of the experiment itself.

VII. CONCLUSION

In this paper, the design and the performance assessmentof an innovative distributed instrument for WH have beendiscussed. According to the authors’ knowledge, it is the onlyinstrument that exploits a distributed approach and that is ableto simultaneously scan all of the 15 RF channels used by thestandard. Several experimental setups have been realized toverify the capability of the proposed tool to collect all the


Fig. 13. Experimental setup used to evaluate the effect of digital logic on timestamping accuracy.

Fig. 14. Histogram of the relative frequency distribution of timestampingdifference among different transceivers.

packets of a whole network together with their timestamps. Thisway, it is possible to track the network behavior, verifying thatdevices respect their own time slot deadline. To test the pro-posed instrument, the network traffic of an overloaded networkhas been emulated; all the 10-ms time slots are occupied by afull length packet and its acknowledge. In fact, real commercialWH devices are not easily available (many products are stillin the conformance test phase). The experimental results showthat all packets sent in the probe area coverage are correctlycaptured. Moreover, the receiving timestamp accuracy is onthe order of microseconds, as obtained using a specific testbedthat can compensate the transmitter jitter. Last but not least, itmust be highlighted that the flexibility and the scalability of theproposed approach make it suitable not only for WH but also forall the other standards intended for wireless sensor networks.

REFERENCES

[1] A. N. Kim, F. Hekland, S. Petersen, and P. Doyle, “When HART goeswireless: Understanding and implementing the WH standard,” in Proc.ETFA, Sep. 15–18, 2008, pp. 899–907.

[2] J. Song, H. Song, A. K. Mok, C. D. Lucas, and M. Nixon, “Wire-lessHART: Applying wireless technology in real-time industrial processcontrol,” in Proc. RTAS, Apr. 2008, pp. 377–386.

[3] T. Lennvall, S. Svensson, and F. Hekland, “A comparison of Wire-lessHART and ZigBee for industrial applications,” in Proc. WFCS,May 21–23, 2008, pp. 85–88.

[4] [Online]. Available: http://www.exegin.com/products/q51app.php[5] [Online]. Available: http://www.daintree.net/products/sna.php[6] C. M. De Dominicis, P. Ferrari, A. Flammini, E. Sisinni, M. Bertocco,

G. Giorgi, C. Narduzzi, and F. Tramarin, “Investigating WirelessHARTcoexistence issues through a specifically designed simulator,” in Proc.IEEE I2MTC, Singapore, May 5–7, 2009, pp. 1085–1090.

[7] M. De Biasi, C. Snickars, K. Landernas, and A. J. Isaksson, “Simulationof process control with WirelessHART networks subject to packet losses,”in Proc. IEEE CASE, Aug. 23–26, 2008, pp. 548–553.

[8] [Online]. Available: http://www.perytons.com/Peryton-M.html[9] [Online]. Available: http://www.hartcomm.org/hcf/news/pr2008/

WiAnalys.html[10] S. Han, J. Song, X. Zhu, A. K. Mok, D. Chen, M. Nixon, W. Pratt,

and V. Gondhalekar, “Wi-HTest: Compliance test suite for diagnosingdevices in real-time wirelessHART network,” in Proc. 15th IEEE Real-Time Embedded Technol. Appl. Symp., 2009, pp. 327–336.

[11] P. Ferrari, A. Flammini, D. Marioli, S. Rinaldi, E. Sisinni, andA. Taroni, “An innovative distributed instrument for WirelessHART test-ing,” in Proc. IEEE I2MTC, Singapore, May 5–7, 2009, pp. 1091–1096.

[12] WirelessHART Communication Network and Communication Profile,IEC/PAS 62591, Jan. 22, 2009.

[13] P. Ferrari, A. Flammini, D. Marioli, and A. Taroni, “A distributed in-strument for performance analysis of real-time Ethernet networks,” IEEETrans. Ind. Informat., vol. 4, no. 1, pp. 16–25, Feb. 2008.

[14] J. C. Eidson, Measurement, Control, and Communication Using IEEE1588. Cambridge, MA: Birkhäuser, 2006.

[15] [Online]. Available: http://www.freescale.com[16] [Online]. Available: http://www.nivis.com[17] [Online]. Available: http://www.e-senza.de[18] S. Nylund and Ø. Holmeide, “Migration towards IEEE1588 time syn-

chronization over gigabit Ethernet,” in Proc. Conf. IEEE 1588, Zurich,Switzerland, Oct. 10–12, 2005.

Paolo Ferrari (SM’01–M’04) was born in Brescia,Italy, in 1974. He received the degree (with honors)in electronic engineering and the Ph.D. degree inelectronic instrumentation from the University ofBrescia, Brescia, in 1999 and 2003, respectively.

He is currently a Researcher with the Departmentof Electronics for Automation, University of Brescia.His main research activities are signal conditioningand processing for embedded measurement instru-mentation, smart sensor, sensor networking, real-time Ethernet, and fieldbus applications.

Alessandra Flammini (M’99) was born in Brescia,Italy, in 1960. She received the degree (with honors)in physics from the University of Rome, Rome, Italy,in 1985.

From 1985 to 1995, she worked on the industrialresearch and development of digital drive control.Since 1995, she has been with the Department ofElectronics for Automation, University of Brescia,where she was a Researcher from 1995 to 2002and has been an Associate Professor since 2002.She teaches several courses about measurements in

industrial environments, digital electronics, and microprocessor-based systems.Her main research activity is the design of methods and digital electroniccircuits for numeric measurement instrumentation, sensor signal processing,smart sensor networking, and fieldbus applications.


Daniele Marioli (M’04) was born in Brescia, Italy,in 1946. He received the degree in electrical engi-neering from the University of Pavia, Pavia, Italy,in 1969.

He was an Associate Professor in applied electron-ics from 1984 to 1989 and has been a Full Professorof applied electronics since 1989 with the Universityof Brescia, Brescia. Since 1993, he has also beenthe Director of the Department of Electronics forAutomation, Faculty of Engineering, University ofBrescia. His main field activity is the design and

experimentation of analog electronic circuits for the processing of electricalsignals from transducers, with particular regard to S/N ratio optimization.

Stefano Rinaldi (SM’01–M’04) was born in Seriate(BG), Italy, in 1982. He received the degree (withhonors) in electronic engineering in 2006 and thePh.D. degree in electronic instrumentation from theUniversity of Brescia, Brescia, Italy. His Ph.D. thesiswas on “Instrumentation for Real Time Ethernet andReal Time Ethernet in instrumentation.”

He is currently with the Department of Electronicsfor Automation, University of Brescia. His mainresearch activities are focused on instruments forperformance analysis of industrial network, wireless

sensor network, smart sensor, sensor networking, real-time Ethernet, and field-bus applications.

Emiliano Sisinni (SM’02–M’05) was born inLauria (PZ), Italy, in 1975. He received thedegree in electronics engineering and the Ph.D. de-gree in electronic instrumentation from the Univer-sity of Brescia, Brescia, Italy, in 2000 and 2004,respectively.

Since 2005, he has been a Researcher (AssistantProfessor) with the Department of Electronics forAutomation, Faculty of Engineering, University ofBrescia. His research activity focuses on numericalsignal analysis, with particular interest in DSP-based

instrumentation. He has been involved in the developing of new NDT forferromagnetic materials using Barkhausen noise effect and the design ofhigh-resolution low-cost instrumentation for motion estimation using inductiveposition sensor or optical encoder. Recently, he has been involved in thedevelopment of the Department Wireless Sensor Networking Laboratory.

Documents

05411729