Target releaseCANtactor v1
Document status
Document owner


  • Provide a first pass PoC of a Contactor controlled by CAN bus

Background and strategic fit

This will be used by the Interlock Solution


Requirements / HW

#TitleUser StoryImportanceNotes
1CAN Bus enabledControl of the node will be done over CAN-FD from the primary CANtroller of the interlock system.Must Have
  • Recommend also having side-band Digital I/O enabled on/off for testing
2uController in node

a small uC will generally be required in order to handle the CAN bus and the desired sensors.

The uC should be relatively generic, such that if it needed to be changed it could be replaced with a different device.

3SafetyThe device needs to be safe, and should exceed basic safety ratings.Critical for Safety
  • All circuits carrying > 24V should be analyzed for safety. No Waivers.
  • Creepage and Clearance requirements should specified and enforced.
  • Reinforced insulation and Double Insulation should be considered.
  • High-Pot testing should be performed before system is put in service
  • Enclosure should require tool usage in order to access >24v circuits
  • Warning Signs should be evident
4Voltage Measurement
Nice to Have / Future
  • Voltage ADC should be fairly generic such that it can be replaced.
  • Voltage ADC should be isolated from uC via magnetic or optical isolation
  • Some uC may already include an ADC that can be used.
5Current MeasurementBeing able to determine if the machine is on/off by current measurement will be useful.Nice to Have / Future
  • Current ADC should be fairly generic such that it can be replaced.
  • Current ADC should be isolated from uC via magnetic or optical isolation
  • Some uC may already include an ADC that can be used.

Much of the wiring in the device will handle high currents and high loads, and will need to survive for years.

Critical for Safety
  • Ensure that all wiring is properly insulated
  • CAN Wiring will have twists (typically 40/meter for old CAN, TBD for CAN-FD)
7IndicatorsA user should be able to see the status of the device easily when near it.Must Have
  • LED on input power indicating Powered / Unpowered
  • LED on output power indicating Powered / Unpowered
  • Consider LED on uC indicating node connected to CANtroller and blink for CAN activity vs node not connected to CANtroller.
8TerminationCAN bus needs terminationTBD
  • Termination strategy is TBD
9Contactor UnitThe system should use a NEMA General Purpose Contactor.

Coil will need a transorb to catch the spikes

Applies to both the large contactor and the small relay

Requirements / SW

#TitleUser StoryImportanceNotes
1GitHub based S/WFuture developers and maintainers will want access to the code.Critical
  • Code must be maintained on DMS GitHub
2CAN LibraryCAN library should ideally be common between the CANtroller and CANtacterNice to Have
  • Differences in uC may make this difficult
  • Consider CANopen and CANopen-stack
3CAN UsageThe usage of the CAN bus should be very well defined and common between CANtroller and CANtacterMust Have
  • Keep the same RFC / APR for the usage of the CAN bus
4Node IDEach node should have a unique ID and should be able toMust Have
5Prevent_Off_when_runningCutting power to a high powered device while it is in operation can be damaging.Must Have
  • CANtactor can Deny a CANtroller request to turn off
  • TBD: should CANtactor shut down when safe, or should it wait for continued requests from CANtroller?
611bit vs 29bit addressing?TBD



User interaction and design


Below is a list of questions to be addressed as a result of this requirements document:


Brooks Przybylek: Out of curiosity, why not a web server with an api and just have the interlocks on the network? I’m not sure how reasonable a load that’d be for the network but if you’re doing esp the hardware is there and no need to worry about wiring, power will be at the device anyway

Jack: a web server could always be added later... as a function of the controller. I wasn't planning to put one in the contactor box... as I'd rather not have power on/off to the machinery changed without the local controller being involved. (the CAN bus would be from the controller to the contactor)

Not Doing