Redundancy failover based on PLC communication loss and recovery

Hello everyone,

I am using Ignition 8.3.4 with Perspective and a gateway redundancy architecture in Master/Backup mode.

My setup is the following:

* Each gateway server has two network cards.

* One network card is dedicated to communication between the Master and Backup gateways.

* The second network card is used for communication with the PLCs.

* Both servers have their own independent connection to the PLC network.

From the documentation, I understand that redundancy failover happens when the two gateways lose communication with each other. However, this is not sufficient for my application.

What I need is the following:

* If the Master gateway loses communication with the PLC, I want the system to switch to the Backup gateway, even if the Master and Backup gateways are still communicating normally.

* Then I want the system to switch back to the Master gateway only when PLC communication is restored and confirmed healthy.

In my architecture, the two gateways are directly connected with a dedicated Ethernet cable for redundancy, so it is very unlikely that communication between the gateways will be lost.

The more important requirement in my application is continuous PLC connectivity.

Additional details:

* Each gateway has a separate cable connected to managed Siemens switches.

* These switches are arranged in a ring topology with the PLC hardware.

* Because of this network design, the critical issue is not gateway-to-gateway communication, but gateway-to-PLC communication health.

My main questions are:

1. Is there a way to force redundancy failover from Master to Backup when the Master loses PLC communication, even though the redundancy link between gateways is still healthy?

I have already implemented this part, but if anyone has experience with a better or more robust approach, please feel free to share.

2. How can I reliably detect that the Master has fully restored healthy PLC communication, so that I can switch back to it safely?

3. How can I implement a proper cooldown or hysteresis mechanism, so the system does not continuously switch between Master and Backup, but instead performs a stable and robust transition only when necessary?

If anyone has implemented something similar, or has suggestions for how to handle this architecture, I would really appreciate your input.

If more details are needed about the concept or network design, I can provide them.

Thank you.
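The cooldown/hysteresis asked about in question 3 is, on its own, a small state machine: require several consecutive failed polls before declaring the PLC connection lost, and require both a run of good polls and a minimum hold time before declaring it healthy again. The example below is added here for illustration and is not the poster's code or any Ignition redundancy API; it does not trigger a failover, it only turns a noisy per-poll connected/disconnected reading into a stable decision. The poll trace is constructed, and the thresholds (3 failed polls, 5 good polls, 10 s hold) are assumed values. Whether that signal should drive a redundancy switch at all is the question the replies take up.

```python
# Hysteresis / hold-off for a PLC connection-health signal.
# Added example for the thread's question 3; it is not Ignition's redundancy
# API and does not trigger a failover itself. It only turns a noisy per-poll
# connected/disconnected reading into a stable "healthy"/"lost" decision.
# Timestamps are passed in explicitly so the logic runs deterministically
# offline; in a gateway timer script you would feed it the device connection
# status and the current time on each tick.

HEALTHY = "HEALTHY"
LOST = "LOST"


class HealthHysteresis(object):
    """Debounce loss and hold recovery so the decision cannot flap.

    fail_polls  consecutive failed polls needed to declare LOST
    good_polls  consecutive good polls needed before recovery is considered
    min_hold_s  minimum time to stay LOST once declared, even if the PLC
                answers again immediately (the cooldown the post asks for)
    """

    def __init__(self, fail_polls=3, good_polls=5, min_hold_s=10.0):
        if fail_polls < 1 or good_polls < 1 or min_hold_s < 0:
            raise ValueError("thresholds must be positive")
        self.fail_polls = fail_polls
        self.good_polls = good_polls
        self.min_hold_s = min_hold_s
        self.state = HEALTHY
        self.consecutive_bad = 0
        self.consecutive_good = 0
        self.lost_since = None  # timestamp at which LOST was declared

    def update(self, connected, now):
        """Feed one poll result; return the new state if it changed, else None."""
        if connected:
            self.consecutive_good += 1
            self.consecutive_bad = 0
        else:
            self.consecutive_bad += 1
            self.consecutive_good = 0

        # Loss is debounced: isolated blips never reach the threshold.
        if self.state == HEALTHY and self.consecutive_bad >= self.fail_polls:
            self.state = LOST
            self.lost_since = now
            return LOST

        # Recovery needs a clean run of good polls AND the hold time to elapse.
        if (self.state == LOST
                and self.consecutive_good >= self.good_polls
                and now - self.lost_since >= self.min_hold_s):
            self.state = HEALTHY
            self.lost_since = None
            return HEALTHY

        return None


def run_sequence(polls, fail_polls=3, good_polls=5, min_hold_s=10.0):
    """Replay (timestamp, connected) polls; return [(timestamp, new_state), ...]."""
    h = HealthHysteresis(fail_polls, good_polls, min_hold_s)
    transitions = []
    for now, connected in polls:
        changed = h.update(connected, now)
        if changed is not None:
            transitions.append((now, changed))
    return transitions


# Constructed poll trace, one poll per second (not captured from a real gateway):
# two isolated failures that must NOT trigger anything, then a real outage,
# then a recovery that is held back until the minimum hold time has elapsed,
# then one stray failure after recovery that must NOT flap the state.
SAMPLE_POLLS = (
    [(t, True) for t in range(0, 5)]         # 0-4   healthy
    + [(5, False), (6, False), (7, True)]    # 5-7   two blips, then OK: ignored
    + [(8, False), (9, False), (10, False)]  # 8-10  third consecutive fail -> LOST at 10
    + [(t, True) for t in range(11, 21)]     # 11-20 PLC back; 5 good polls reached at 15,
                                             #       but hold expires at 20 -> HEALTHY at 20
    + [(21, False), (22, True)]              # 21-22 single blip after recovery: ignored
)

if __name__ == "__main__":
    for when, state in run_sequence(SAMPLE_POLLS):
        print("t=%3ds -> %s" % (when, state))
```

The asymmetry is deliberate: loss is declared quickly (a few polls) while recovery is slow (a run of good polls plus a hold time), which is what keeps a PLC that is oscillating on the edge of reachability from dragging the decision back and forth.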

This is a recipe for split-brain. Do not do this.

Your redundant gateways must be connected to each other with the same infrastructure that connects to databases and field devices. It is imperative that comms loss at the gateway takes down all PLC comms at the same time as comms to the other gateway.

Use multi-VLAN trunks with Rapid Spanning Tree across all links if you need multiple subnets at the gateways.


My concern is that I need to use a single Ethernet port to communicate with the master/backup gateways, the PLC, the databases, and the client views. Where should the multi-VLAN trunk configuration be applied: on my computer's network interface card or on the managed switch? Could you please share more details on the correct setup?

Both. Or on the switch and your hypervisor.