Advantages of Time-Triggered Ethernet


1 Advantages of Time-Triggered Ethernet
Christian Fidi Product Manager October 28th, 2015

2 Space Application Requirements

3 Space Application Requirements

4 Architecture Theory
A system needs to ensure the:
- Correctness of the data
  - Voting, or ensuring that the received value is right
- Temporal correctness (time of use and order) → Synchronization
There are two architectures supporting fault tolerance:
- Voting architecture (voting or Byzantine voting)
- Fail-silent architecture (COM/MON or dual-core lock-step)

5 Replica Determinism: Example Stage Separation
Consider a rocket launch. The real-time system responsible for the stage separation system has three redundant channels:
- Channel 1 – Separation and Fire Boosters
- Channel 2 – No Separation and do not Fire Boosters
- Channel 3 – No Separation and Fire Boosters (Fault)
→ Majority – No Separation and Fire Boosters!
→ Temporal order within spare time needs to be guaranteed!

6 Voting Architecture–MIL1553 (TT)
- 3 redundant buses/lanes (1FT but not covering Byzantine faults)
- Each computer has one bus master node (bus controller)
- All computers receive the messages from the other lanes, where they are slaves
- Precise synchronization has to be done between the lanes to be able to vote (state exchange)
- If one node fails, then the whole lane may be lost
- Voting is done in a two-out-of-three manner
[© 2010 Data Device Corporation. Distributed and Reconfigurable Architecture for Flight Control System]

7 Disadvantages
- Additional point-to-point communication needed to ensure low-latency synchronization
- Multiple protocols are needed: for synchronization, deterministic data, high-speed data
- Additional wiring needed
- Software needs to take care of:
  - Precise synchronization
  - Redundancy management
  - Support of different protocols
- Testing effort and hardware (since this is application specific)

8 Time-Triggered Communication
1. Global Notion of Time
- Local clocks – free running
- Local view of global time
2. Message Schedule
Copyright © TTTech Computertechnik AG. All rights reserved.

9 Synchronization Services
- Clock Synchronization Service is executed during normal operation mode to keep the local clocks synchronized to each other.
- Startup/Restart Service is executed to reach an initial synchronization of the local clocks in the system.
- Integration/Reintegration Service is used for components to join an already synchronized system.
- Clique Detection Services are used to detect loss of synchronization and establishment of disjoint sets of synchronized components.

10 FT Synchronized Global Time
Fault-tolerant synchronization services are needed for establishing a robust global time base in the sub-microsecond range

11 Permanence of PCFs
Using the transparent_clock value, a receiver can determine the “earliest safe” point in time when a PCF becomes permanent:
permanence_delay = max_transmission_delay - transparent_clock
permanence_point_in_time = receive_point_in_time + permanence_delay
Example:
- max_transmission_delay in this network is 0:30
- frame F1 is transmitted by node A at 10:00
- frame F2 is transmitted by node B at 10:05
- frame F1 has a transmission delay A → C of 0:20. This is visible in F1’s transparent_clock
- frame F2 has a transmission delay B → C of 0:05. This is visible in F2’s transparent_clock
- receiver C sees: F2 arrives at 10:10, becomes permanent at 10:10 + (0:30 - 0:05) = 10:35
- receiver C sees: F1 arrives at 10:20, F1 becomes permanent at 10:20 + (0:30 - 0:20) = 10:30
→ F1 becomes permanent before F2
[Figure: nodes A and B send F1 and F2 to receiver C]
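The permanence rule from this slide, worked through in Python as an added example (not code from the presentation or from TTTech). The `Frame` class, the `clock` helper and the rejection of an out-of-range transparent_clock are assumptions of this example; the frame values are the slide's own.

```python
from dataclasses import dataclass

MAX_TRANSMISSION_DELAY = 30  # 0:30 on the slide, in the slide's time units


@dataclass(frozen=True)
class Frame:
    name: str
    sent_at: int            # dispatch time at the sender
    transparent_clock: int  # path delay accumulated in the frame on its way


def clock(text):
    """Parse the slide's 'H:MM' notation into an integer count of units."""
    hours, minutes = text.split(":")
    return int(hours) * 60 + int(minutes)


def permanence_point(receive_time, transparent_clock, max_delay=MAX_TRANSMISSION_DELAY):
    # A transparent_clock outside [0, max_delay] cannot come from a correct path;
    # rejecting it is this example's policy (assumption), not quoted from the page.
    if not 0 <= transparent_clock <= max_delay:
        raise ValueError(f"transparent_clock {transparent_clock} outside 0..{max_delay}")
    permanence_delay = max_delay - transparent_clock
    return receive_time + permanence_delay


def receiver_view(frames, max_delay=MAX_TRANSMISSION_DELAY):
    """Return (arrival_order, permanence_order, permanence_times) at the receiver."""
    arrivals = {f.name: f.sent_at + f.transparent_clock for f in frames}
    permanent = {
        f.name: permanence_point(arrivals[f.name], f.transparent_clock, max_delay)
        for f in frames
    }
    arrival_order = sorted(arrivals, key=arrivals.get)
    permanence_order = sorted(permanent, key=permanent.get)
    return arrival_order, permanence_order, permanent


# Constructed from the slide's example: F1 from node A, F2 from node B, receiver C.
SLIDE_FRAMES = [
    Frame("F1", clock("10:00"), clock("0:20")),
    Frame("F2", clock("10:05"), clock("0:05")),
]

if __name__ == "__main__":
    arrival, permanence, times = receiver_view(SLIDE_FRAMES)
    print("arrival order:   ", arrival)
    print("permanence order:", permanence)
    print("permanence times:", times)
```

Because the receive time is the send time plus transparent_clock, the permanence point always equals send time plus max_transmission_delay, so every receiver processes frames in dispatch order regardless of which path was slower.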

12 External Clock Synchronization
External synchronization to e.g. PPS of the fault-tolerant clock

13 Time-triggered Traffic Timing
- Full control of timings in the system
- Defined latency and sub-microsecond jitter
- Minimum memory needs
- Fault-containment regions
[Figure: message M travelling from sender through the switches to the receiver, with these callouts:]
- “I’ll transmit M at 10:45”
- “I’ll accept M only between 10:40 and 10:50”
- “I’ll forward M at 11:00”
- “I’ll accept M only between 10:55 and 11:05”
- “I’ll forward M at 11:10”
- “I’ll expect M between 11:05 and 11:15”
- “Let’s see if I can receive M” …a switch
…but sender and receiver still only do “I’ll transmit M at…” and “I’ll expect M at…” – the added complexity is in the network, not in the nodes
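The schedule on this slide, simulated hop by hop as an added example (not code from the presentation). The `PATH` table, the `send` function and the `link_delay` parameter are hypothetical, and the pairing of each acceptance window with a hop is inferred from the times on the slide.

```python
def clock(text):
    """Parse the slide's 'H:MM' notation into an integer count of units."""
    hours, minutes = text.split(":")
    return int(hours) * 60 + int(minutes)


# Schedule constructed from the times quoted on the slide. Which window belongs
# to which hop is inferred from those times (assumption).
PATH = [
    {"hop": "switch 1", "accept": (clock("10:40"), clock("10:50")), "forward_at": clock("11:00")},
    {"hop": "switch 2", "accept": (clock("10:55"), clock("11:05")), "forward_at": clock("11:10")},
    {"hop": "receiver", "accept": (clock("11:05"), clock("11:15")), "forward_at": None},
]


def send(transmit_time, link_delay=0, path=PATH):
    """Walk message M along the path.

    Returns ("delivered", arrival_time) or ("dropped", hop_name).
    """
    arrival = transmit_time + link_delay
    for hop in path:
        earliest, latest = hop["accept"]
        # Each hop polices its own window: a frame outside it goes no further,
        # so a mistimed sender is contained at the first hop it reaches.
        if not earliest <= arrival <= latest:
            return ("dropped", hop["hop"])
        if hop["forward_at"] is None:
            return ("delivered", arrival)
        # Forwarding happens at the scheduled instant, not on arrival, which
        # removes the sender's jitter from the rest of the path.
        arrival = hop["forward_at"] + link_delay
    raise ValueError("path has no final receiver")


if __name__ == "__main__":
    for label in ("10:45", "10:41", "10:49", "10:52", "11:00"):
        print(label, send(clock(label)))
```

Any transmit time inside the first window yields the same delivery time, while a frame sent at 11:00 is dropped at the first switch even though it would have fitted the second switch's window.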

14 TTEthernet Traffic Partitioning
TTEthernet provides a set of time-triggered services implemented on top of standard IEEE 802.3 Ethernet. These services are designed to enable the design of synchronous, highly dependable embedded computing and networking systems, capable of tolerating multiple faults. With TTEthernet, robustly partitioned multimedia data streams, critical control data and standard LAN messages can operate in one network without congestion or unintended interactions. On this slide, four synchronous time-triggered Ethernet streams are shown in red. They are robustly separated from other asynchronous priority-based or rate-constrained data streams such as IEEE DCB or AVB, and other lower-priority standard Ethernet traffic.

15 Extensions & Standard Ethernet
Time-triggered extensions for standard switched Gigabit Ethernet:
- Startup
- Recovery
- Robust fault-tolerant distributed clock
Makes Ethernet viable for safety-critical distributed applications!

16 Fault-Containment Regions in TTEthernet
TTEthernet defines switches and end systems as two kinds of Fault-Containment Regions. Frame loss is mapped to the respective sender. Depending on cost and reliability targets, switches and/or end systems may be implemented with standard or high integrity in order to be able to scale from single to dual fault tolerance. Protocol mechanisms can be configured to handle Strictly Omissive Asymmetric switch faults (HI) and fully Transmissive Asymmetric end system faults (SI).

17 High-Integrity: Self-Checking Pair
High-integrity design: self-checking pair
- Two processors that execute the same function in parallel
- A comparator checks the output of both processors.
- If one processor fails (maliciously) and generates wrong data, the second processor shuts down.
The self-checking pair ensures fail-silence!

18 Requirement: Easy “System of Systems” Fusion
[Figure labels: Priority 1 time-triggered, Priority 2]
- SoS architecture with TTEthernet supports reconfiguration
- Several separate vehicles or elements fuse into a new combined network configuration
- Architecture is coupled together through the Virtual Backplane
The integrated system is ideal for systems of systems:
- Individual systems come together and are coupled through fusion of the Virtual Backplane
- Predetermined, yet dynamic, reconfiguration of the individual computing elements’ configuration tables enables several free-flying elements that start a mission with individual state vectors to fuse into a combined configuration that shares a new, common set of state vectors.

19 TTE-Controller → Switch Controller COM → Switch Controller MON
End System IP/UDP ARINC653 Partitions support in HW → CPU Management & Diagnostics Available in Q3/2016

20 Software Tools and Development Systems
TTEthernet Products TTEthernet TTESwitches A664 Software Tools and Development Systems TTEVerify (for DO cert.) TTETools (development) Switch Controller SMC 6U VPX* TTECOM TTESync Lib (middleware) TTEEnd Systems A664 Upcoming key product launches ( ) PMC Lab End System Controller PMC Pro ARINC 653 v4.0 Linux v4.0

21 Cross Industry
TTEthernet: Examples of Reliable Safety Critical Networks
- Sikorsky S97 Raider
- NASA Orion
- Vestas Wind Turbines
- Audi Piloted Driving
- Airbus DS Ariane 6
- Oil Platform
© NASA

22 Conclusion
The protocol and implementation support:
- Synchronization
- Deterministic communication
- Fault tolerance
But they also allow the flexibility of standard Ethernet → reduces SW complexity
Space-grade components are upcoming
The environment is developed cross-industry (embedded SW, tools, test and development equipment)

23 Thank You! Any Questions?

