Mixed-Criticality Systems Based on Time-Triggered Ethernet with Multiple Ring Topologies

SLIDE 1

Naturwissenschaftlich-Technische Fakultät

Department Elektrotechnik und Informatik / Embedded Systems

Mixed-Criticality Systems Based on Time-Triggered Ethernet with Multiple Ring Topologies
University of Siegen
Mohammed Abuteir, Roman Obermaisser

SLIDE 2

Mixed-Criticality Systems

  • Need for mixed-criticality systems due to pressing requirement to reduce the number of nodes and cables
  • Integration of functions with different importance and certification assurance levels on a shared computing platform
  • Validation of each subsystem to the respective criticality and modular certification

SLIDE 3

Requirements for the Communication Network of Mixed-Criticality Systems

  • Timing Requirements
    – Fault-tolerant global time with high precision
    – Bounded latency and low jitter
  • Encapsulation and Fault Containment
    – Absence of interference and unintended side-effects due to integration
    – Fault containment using time and space partitioning
    – Foundation for modular certification
  • Heterogeneity of Mixed-Criticality Systems
    – Multiple assurance levels (e.g., SIL1-4 in IEC61508, Class A-E in DO178B)
    – Different reliability and fault-tolerance requirements
    – Different timing models (e.g., periodic, sporadic and aperiodic activities)

SLIDE 4

Real-Time Ethernet in Mixed-Criticality Systems

  • Time-Triggered Ethernet (TTE)
    – Time-triggered communication according to a static TDMA scheme
    – Contention with rate-constrained and best-effort communication resolved using timely blocking, shuffling or preemption
  • Avionics Full-Duplex Switched Ethernet (AFDX)
    – Rate-constrained virtual links and priorities
    – Bounded timing effects between virtual links

SLIDE 5

Fault Assumptions

  • End systems, switches and physical links regarded as Fault Containment Regions (FCR)
  • Failure modes based on IEC61508-2
    – Component crash
    – Link failures
    – Omission
    – Corruption
    – Delay
    – Babbling idiot
    – Masquerading
  • Single failure of an end system or detectably faulty behavior of switch

SLIDE 6

System Model of Ring-Based Real-Time Ethernet Architecture

  • Non-redundant and redundant end-systems
  • Connection of end systems to switches in star topology
  • Interconnection of switches in ring topology
  • Interconnection of rings using peripheral switches

[Figure: system model, labelled Switch 1.1 to 1.4, End System 1.1 to 1.7, Switch 2.1 to 2.4, End System 2.1 to 2.7, Peripheral Switch 1 and Peripheral Switch 2]

SLIDE 7

End Systems

  • Safety-critical end system
    – RC and TT messages on double channels
    – BE can exploit two channels for higher bandwidth
    – Connection to two switches
  • Non safety-critical end system
    – Non redundant channel to one switch
    – Support for replication of messages at first switch

SLIDE 8

Conceptual Switch Model

  • Bridge forwards messages between ingress and egress queues
  • Schedule for time-triggered messages
  • Bandwidth Allocation Gap (BAG) and jitter for each virtual link
  • MAC layer and physical layer based on 802.1 and 802.3

SLIDE 9

Redundancy Management

  • Hides the path and latency of the redundant messages
  • Establishment of redundancy
    – Outgoing time-triggered and rate-constrained messages from non safety-critical end systems
    – First switch that meets rate-constrained or time-triggered traffic creates copies of an incoming message
    – Transmission using redundant paths of the ring
  • Fusion of redundant messages
    – Last switch of a message’s path to a non safety-critical end-system
    – Safety-critical end-systems fuse internally

SLIDE 10

Redundancy Management (RM) Layer

  • Time-triggered Messages
    – RM layer interfaces with the time-triggered scheduling layer to hide the redundant paths and to perform the deduplication of time-triggered messages
    – RM layer checks the corresponding virtual-link buffer before the sending time and takes the decision to send one of the redundant time-triggered messages accordingly
    – Establishment of deterministic timing (e.g., no effect on timing due to an omission failure on a redundant channel)
  • Rate-constrained messages
    – Sequence number
    – first valid wins policy

[Figure: TT Message VL1 and Redundant TT Message VL1 as inputs to the Redundancy Management Decision]

SLIDE 11

Error Detection and Containment

  • Error detection by MAC layer (e.g., CRC)
  • Time-triggered traffic
    – Reception from correct ingress port
    – Specified receiving window
    – Protection of receiving end systems and channels (e.g., babbling idiot, masquerading)
    – Dedicated guaranteed buffer capacity for different virtual links (and different criticalities)
  • Rate constrained traffic
    – Violation of BAG
    – Dedicated guaranteed buffer capacity
  • Best effort
    – Error detection and containment based on standard Ethernet
    – Spanning Tree Protocol
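
The ingress checks on this slide, together with the "first valid wins" policy of the RM layer, can be sketched in C as follows. This is an added example, not code from the slides or from the authors' simulation model; the struct layouts, field names, microsecond timestamps and the simplified gap-based BAG check are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { FORWARD, DROP_CRC, DROP_PORT, DROP_WINDOW, DROP_BAG, DROP_DUP } verdict_t;

/* Time-triggered virtual link (hypothetical layout): one configured
 * ingress port and one receive window per period. */
typedef struct { uint8_t port; uint64_t period_us, offset_us, window_us; } tt_vl_t;

/* Rate-constrained virtual link received on two redundant channels. */
typedef struct {
    uint64_t bag_us, jitter_us;  /* Bandwidth Allocation Gap, tolerated jitter */
    uint64_t last_rx_us[2];      /* last accepted arrival per channel */
    bool     seen[2];            /* channel has delivered a frame before */
    uint16_t last_seq;           /* sequence number of the last forwarded frame */
    bool     forwarded_any;
} rc_vl_t;

/* TT check: frame must arrive on the configured port, inside its window. */
verdict_t tt_check(const tt_vl_t *vl, uint8_t port, uint64_t now_us, bool crc_ok)
{
    if (!crc_ok) return DROP_CRC;                   /* MAC-layer error detection */
    if (port != vl->port) return DROP_PORT;         /* contains masquerading */
    uint64_t phase = now_us % vl->period_us;
    if (phase < vl->offset_us || phase > vl->offset_us + vl->window_us)
        return DROP_WINDOW;                         /* contains delay and babbling */
    return FORWARD;
}

/* RC check: police the BAG per channel, then apply "first valid wins". */
verdict_t rc_check(rc_vl_t *vl, int ch, uint16_t seq, uint64_t now_us, bool crc_ok)
{
    if (!crc_ok) return DROP_CRC;
    /* Dropped frames do not move the reference time, so a babbling
     * sender still gets at most one frame per BAG through. */
    if (vl->seen[ch] && now_us - vl->last_rx_us[ch] + vl->jitter_us < vl->bag_us)
        return DROP_BAG;
    vl->seen[ch] = true;
    vl->last_rx_us[ch] = now_us;
    /* Serial-number comparison so the 16-bit counter may wrap. */
    if (vl->forwarded_any && (int16_t)(uint16_t)(seq - vl->last_seq) <= 0)
        return DROP_DUP;                            /* redundant copy already won */
    vl->last_seq = seq;
    vl->forwarded_any = true;
    return FORWARD;
}
```

A frame that fails the CRC on one channel leaves the sequence state untouched, so the copy arriving on the redundant channel is the first valid one and is forwarded.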

SLIDE 12

End System

  • Fork layer maps messages to applications
  • Time-triggered clock layer transmits messages according to the schedule
  • Rate-constrained shaper enforces BAG at end system
  • TTE controller layer sends messages according to their priority

[Figure: end system layers, labelled Application #1, Application #2, Application #n, Application layer, Fork Layer, TT clock, RC Shaper, BE Priority, TTE controller, MAC interface, MAC Layer, Physical Layer]

SLIDE 13

Evaluation based on Simulation

  • TTEthernet simulation environment based on OPNET
  • Simulation building blocks for switches and end systems
  • Simulation of MAC and physical layer from previous work

[Figure: simulated network, labelled ES_1 to ES_7, SW_1 to SW_4 and Link #2 to Link #6]

SLIDE 14

Example Scenario

[Figure: example scenario network, labelled ES_1 to ES_7, SW_1 to SW_4 and Link #2 to Link #6]

SLIDE 15

Example

[Figure: example network, labelled ES_1 to ES_7, SW_1 to SW_4 and Link #2 to Link #6]

SLIDE 16

Results (1)

Fault Injection
Cases, each with Latency and Jitter: Fault Free Case | Babbling Idiot Failure (ES3) | Omission Failure (SW3)

ID  Application Type  Sender  Latency  Jitter  Latency  Jitter  Latency  Jitter
1  App.1  ES 1  0,10  0,00  0,10  0,00  0,10  0,00
2  App.4  ES 1  1,02  0,00  1,02  0,00  1,02  0,00
3  App.7  ES 2  93,97  93,95  97,91  97,89  122,02  122,00
4  App.2  ES 3  134,05  126,00  146,07  146,02
5  App.7  ES 3  155,19  155,14  177,25  177,22
6  App.1  ES 4  0,09  0,00  0,09  0,00  0,09  0,00
7  App.2  ES 4  138,79  138,76  158,05  158,02  139,75  139,05
8  App.4  ES 4  2,03  0,00  2,03  0,00  2,03  0,00
9  App.5  ES 4  70,09  68,27  70,09  68,27  97,66  97,64
10  App.3  ES 5  5,07  0,00  5,07  0,00  5,07  0,00
11  App.5  ES 5  61,65  61,64  61,68  61,67  88,26  88,17
12  App.2  ES 6  132,10  132,05  138,81  138,76  100,16  100,13
13  App.6  ES 6  92,00  91,97  100,06  98,86  102,11  102,09
14  App.3  ES 7  0,01  0,00  0,01  0,00  0,01  0,00
15  App.6  ES 7  98,06  78,73  98,14  98,13  112,26  112,25

SLIDE 17

Results (2)

Cases, each with Latency and Jitter: Omission Failure (L2) | Link Failure (L3) | Delay Failure (ES5)

ID  Application Type  Sender  Latency  Jitter  Latency  Jitter  Latency  Jitter
1  App.1  ES 1  0,10  0,00  0,10  0,00  0,10  0,00
2  App.4  ES 1  1,02  0,00  1,02  0,00  1,02  0,00
3  App.7  ES 2  119,91  119,89  90,01  89,99  93,97  93,95
4  App.2  ES 3  110,30  110,23  76,05  75,99  132,05  124,00
5  App.7  ES 3  151,39  151,37  151,16  151,14  155,19  155,14
6  App.1  ES 4  0,09  0,00  0,09  0,00  0,09  0,00
7  App.2  ES 4  138,79  138,76  142,19  141,85  166,07  166,03
8  App.4  ES 4  2,03  0,00  2,03  0,00  2,03  0,00
9  App.5  ES 4  70,09  68,27  71,05  69,04  70,08  68,26
10  App.3  ES 5  5,07  0,00  5,07  0,00  5,07  0,00
11  App.5  ES 5  57,89  57,88  65,68  65,67  161,65  161,64
12  App.2  ES 6  134,05  126,04  137,20  157,18  132,10  132,05
13  App.6  ES 6  92,00  91,97  96,00  95,98  100,05  100,02
14  App.3  ES 7  0,01  0,00  0,01  0,00  0,01  0,00
15  App.6  ES 7  97,09  88,38  78,09  78,03  98,06  78,73

SLIDE 18

Discussion – Selective Fault-Tolerance

  • Balanced tradeoff between cost and fault-tolerance
  • Fault-tolerance can be adjusted at the level of end systems and individual messages
    – Redundant end-systems with duplicate messages
    – Redundant end-systems with single messages
    – Non redundant end-systems with duplicate messages
    – Non redundant end-systems with single messages

SLIDE 19

Discussion – Ring Topology

  • Network topologies in the state-of-the-art differ w.r.t. performance metrics such as throughput, maximum channel load, latency and fault-tolerance
    – Backbone: limited scalability and common failure modes
    – Complete graph: prohibitive cost and limited scalability
    – dimensional mesh with degree of , edge connectivity of , diameter of , and bisection bandwidth of
    – Ring with switches is ideal for single fault hypothesis offering a diameter of , edge connectivity of 2 and bisection bandwidth of 2

SLIDE 20

Discussion – Ring Topology

  • Network topologies in the state-of-the-art differ w.r.t. performance metrics such as throughput, maximum channel load, latency and fault-tolerance
    – Backbone: limited scalability and common failure modes
    – Complete graph: prohibitive cost and limited scalability
    – Ring with switches is ideal for single fault hypothesis offering a diameter of and edge connectivity of 2

SLIDE 21

Conclusion

  • Increasing importance of mixed-criticality systems
  • Heterogeneous requirements concerning timing models, reliability and fault-tolerance
  • Temporal and spatial partitioning is the foundation for mixed-criticality integration and modular certification
  • Ring-based real-time Ethernet network with selective fault-tolerance and balanced trade-off between cost and reliability