An Introduction to TTEthernet

Similar documents
Computer Networks for Space Applications

Deterministic Ethernet as Reliable Communication Infrastructure for Distributed Dependable Systems

Distributed IMA with TTEthernet

Dependability Entering Mainstream IT Networking Standards (IEEE 802.1)

Dependable Computer Systems

Time-Triggered Ethernet

Developing deterministic networking technology for railway applications using TTEthernet software-based end systems

Deterministic Ethernet & Unified Networking

Deterministic Networking Lab

Theory, Concepts and Applications

Field buses (part 2): time triggered protocols

Distributed Embedded Systems and realtime networks

Systems. Roland Kammerer. 10. November Institute of Computer Engineering Vienna University of Technology. Communication Protocols for Embedded

16 Time Triggered Protocol

Chapter 39: Concepts of Time-Triggered Communication. Wenbo Qiao

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

FlexRay International Workshop. Protocol Overview

An Encapsulated Communication System for Integrated Architectures

Evaluation of numerical bus systems used in rocket engine test facilities

Design and Realization of TTE Network based on EDA

Enhanced Ethernet Switching Technology. Time Applications. Rui Santos 17 / 04 / 2009

Task- and Network-level Schedule Co-Synthesis of Ethernet-based Time-triggered Systems

DTU IMM. MSc Thesis. Analysis and Optimization of TTEthernet-based Safety Critical Embedded Systems. Radoslav Hristov Todorov s080990

CORBA in the Time-Triggered Architecture

A Fault Management Protocol for TTP/C

MODEL-BASED ANALYSIS OF TIMED-TRIGGERED ETHERNET

Taking the Right Turn with Safe and Modular Solutions for the Automotive Industry

3. Quality of Service

Atacama: An Open Experimental Platform for Mixed-Criticality Networking on Top of Ethernet

ARTIST-Relevant Research from Linköping

Communication in Avionics

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

MODEL-BASED ANALYSIS OF TIMED-TRIGGERED ETHERNET

Time Triggered and Event Triggered; Off-line Scheduling

Discussion of Failure Mode Assumptions for IEEE 802.1Qbt

A Time-Triggered Ethernet (TTE) Switch

Applying CORBA to embedded time-triggered real-time systems. S. Aslam-Mir (Sam) Principal CORBA Architect Vertel USA

SPIDER: A Fault-Tolerant Bus Architecture

Reaching for the sky with certified and safe solutions for the aerospace market

FlexRay and Automotive Networking Future

Technology for Adaptive Hard. Rui Santos, UA

Real-Time (Paradigms) (47)

SMT-Based Formal Verification of a TTEthernet Synchronization Function

A Multi-Modal Composability Framework for Cyber-Physical Systems

Simulation-Based Fault Injection as a Verification Oracle for the Engineering of Time-Triggered Ethernet networks

ESA ADCSS Deterministic Ethernet in Space Avionics

DRAFT. Dual Time Scale in Factory & Energy Automation. White Paper about Industrial Time Synchronization. (IEEE 802.

Drive-by-Data & Integrated Modular Platform

RT-Link: A global time-synchronized link protocol for sensor networks Anthony Rowe, Rahul Mangharam, Raj Rajkumar

Consolidation of IT and OT based on Virtualization and Deterministic Ethernet

ISO INTERNATIONAL STANDARD. Road vehicles FlexRay communications system Part 2: Data link layer specification

BMW Group Technology Office Palo Alto Automotive Use Cases AVB in a vehicular environment.

Distributed Algorithms Models

Implementation of the hardwired AFDX NIC

AVB Gen 2: the Next Step. Michael Johas Teener Plumbing Architect and Sr. Technical Director, Broadcom Corp,

Pattern-Based Analysis of an Embedded Real-Time System Architecture

Real-Time Communications. LS 12, TU Dortmund

02 - Distributed Systems

AVB in Automotive Infotainment Networks

Scheduling Real-Time Communication in IEEE 802.1Qbv Time Sensitive Networks

Introduction to Real-time Systems. Advanced Operating Systems (M) Lecture 2

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

Why an additional Shaper

Diagnosis in the Time-Triggered Architecture

02 - Distributed Systems

Introduction to Real-Time Communications. Real-Time and Embedded Systems (M) Lecture 15

DESIGN AND IMPLEMENTATION OF AN AVIONICS FULL DUPLEX ETHERNET (A664) DATA ACQUISITION SYSTEM

Optimization of TTEthernet Networks to Support Best-Effort Traffic

Embedded Systems. 8. Communication

A Framework for the Formal Verification of Time-Triggered Systems

Communication (III) Kai Huang

IEEE Time-Sensitive Networking (TSN)

Embedded Software Engineering

INTERMEDIATE DANTE CONCEPTS. Dante Certification Program Level 2

E Copyright VARAN BUS USER ORGANIZATION 06/2015. Real Time Ethernet VARAN Bus

Lecture 2. Basics of networking in automotive systems: Network. topologies, communication principles and standardised protocols

Towards a European Strategy for Cyber Physical Systems

Data Networks. Lecture 1: Introduction. September 4, 2008

Schedule Integration for Time-Triggered Systems

DISTRIBUTED REAL-TIME SYSTEMS

Drive Control via EtherNet/IP using CIP Motion and CIP Sync Profile Extensions

2. REAL-TIME CONTROL SYSTEM AND REAL-TIME NETWORKS

Simulation-Based FlexRay TM Conformance Testing an OVM success story

A Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction

Today. Last Time. Motivation. CAN Bus. More about CAN. What is CAN?

Distributed Systems (ICE 601) Fault Tolerance

Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018

Performance and Quality-of-Service Analysis of a Live P2P Video Multicast Session on the Internet

Timing Analysis of Rate Constrained Traffic for the TTEthernet Communication Protocol

FlexRay The Hardware View

Computer Communication & Networks / Data Communication & Computer Networks Week # 03

Computing and Communications Infrastructure for Network-Centric Warfare: Exploiting COTS, Assuring Performance

Implementing a NTP-Based Time Service within a Distributed Middleware System

Model-Based Design of Automotive RT Applications

First GENESYS Architectures Implemented in the INDEXYS Project

Shared, Multi-Hop Networks and End-to-End Arguments

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

TU Wien. Fault Isolation and Error Containment in the TT-SoC. H. Kopetz. TU Wien. July 2007

The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard.

WebSphere MQ Low Latency Messaging V2.1. High Throughput and Low Latency to Maximize Business Responsiveness IBM Corporation

Transcription:

An Introduction to thernet TU Vienna, Apr/26, 2013 Guest Lecture in Deterministic Networking (DetNet) Wilfried Steiner, Corporate Scientist wilfried.steiner@tttech.com Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 1

What They Have in Common Boeing 787 NASA Orion Reliable Networks from TTTech Audi A8 Airbus A380 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 2

Future Markets for Real-Time Fault-Tolerant Communication Requirements on a communication infrastructure for future markets Real-time requirements Fault tolerance requirements Low cost Low power Low weight Low size Consumer acceptance A system failure potentially leads to Loss of life Loss of economic assets Loss of research results Loss of power Loss of quality of service (QoS) Any bad thing we can think of Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 3

Closed and Open World Communication Closed World Communication Performance guarantees: real-time, dependability, safety Standards: ARINC 664, ARINC 429, TTP, MOST, FlexRay, CAN, LIN, Applications: Flight control, powertrain, chassis, passive and active safety,.. Validation & verification: Certification, formal analysis,... Open World Communication No performance guarantees: best efforts Standards: Ethernet, TCP/IP, UDP, FTP, Telnet, SSH,... Applications: Multi-media, audio, video, phones, PDAs, internet, web, Validation & verification: No certification, test, simulation,... High cost Low cost We see a market requirement to use the same physical network for data flows from both worlds. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 4

Mixed-Criticality Systems Windows PC Windows PC Open Networks How to share system resources and partition critical and non-critical distributed functions? Linux Server Standard IEEE802.3 Ethernet LAN Network thernet F2 F4 F1 F2 F3 F4 F1 F2 F4 Time and space partitioned OS F1 F2 F3 F4 Time and space partitioned OS Time and space partitioned OS Time and space partitioned OS Safety-, Time- or Mission-Critical System Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 5

Traffic Classes thernet provides several traffic classes in parallel: time-triggered, rate-constrained, and best-effort Time-Triggered: dispatch messages according a predefined communication schedule Rate-Constrained: enforce minimum duration between two frames of the same stream Best-Effort: standard Ethernet communication paradigm no temporal guarantees are given Layer 3-7 Application Time-Triggered Extension Ethernet IEEE 802.3 thernet 40 msec 40 msec 40 msec TT1 TT2 RC RC BE TT1 BE RC TT2 BE TT1 RC BE RC TT2 TT1 BE BE RC RC 30 msec 30 msec 30 msec 30 msec TT1 TIME Longest Communication Cycle in this Example: LCM(30,40) = 120msec Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 6

thernet, a Communication Infrastructure Highlight: Flexible Integration and COTS Backward Compatible ETH FX CAN FX CAN FX CAN FX CAN <1 Mbit/sec FX < 10 Mbit/sec FX 1 Gbit/sec TTP TTP TTP TTP 100 Mbit/sec Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 7

The Motivation for Ethernet Ethernet hardware is low cost. Ethernet is a well-established open-world standard and very scaleable. The OSI reference model gives a well-structured classification of concepts that can be built on top of Ethernet. Existing tools can be leveraged as cost-efficient diagnosis tools. As all messages in thernet are standard Ethernet compliant, existing tools can be leveraged for time-triggered messages as well. Standard web servers can be leveraged for maintenance and configuration. Engineers learn about Ethernet at school. Ethernet compatibility enables the usage of technology that is established, tested, and verified. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 8

Outline Prerequisites for Safe and Deterministic Communication Asynchronous vs. Synchronous Communication Clock Synchronization and Fault-Tolerant Clock Synchronization Formal Verification Activities Utilization of Safe and Deterministic Communication Time-Triggered Communication Constraints in Multi-Hop Networks Integrated communication for mixed-criticality systems Combined Time-Triggered / Rate-Constrained / Best-Effort Communication Tooling Overview Summary Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 9

Outline Prerequisites for Safe and Deterministic Communication Asynchronous vs. Synchronous Communication Clock Synchronization and Fault-Tolerant Clock Synchronization Formal Verification Activities Utilization of Safe and Deterministic Communication Time-Triggered Communication Constraints in Multi-Hop Networks Integrated communication for mixed-criticality systems Combined Time-Triggered / Rate-Constrained / Best-Effort Communication Tooling Overview Summary Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 10

Ethernet = Asynchronous Communication NIC NIC NIC SWITCH X SWITCH X NIC NIC NIC X NIC NIC Asynchronous Communication Transmission Points in Time are not predictable Transmission Latency and Jitter accumulate Number of Hops has a significant impact Usually solved by High Wire-Speeds & Low Utilization and/or Priorities Problem of ``Indeterminism remains SWITCH NIC NIC NIC Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 11

Adding Clock Synchronization to Ethernet Eth Time Master IN 1 Eth Enabler for Synchronous Operation: Synchronized Global Time 1588 1588 Communication Schedule Eth Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 12

Quality of Clock Synchronization: Precision In an ensemble of clocks, the precision is defined as the maximum distance between any two synchronized nonfaulty clocks at any point in real time. Late Clock Perfect Clock Early Clock Page 13

Time-Triggered Operation Time-Division Multiple-Access Communication Composable network Complexity reduction and faster integration Fault tolerant communication system Node A send receive receive t 1 t 2 t 3 Node B receive send receive t 1 t 2 t 3 Node C receive receive send t 1 Slot t 2 t 3 time Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 14

Synchronous Communication (TT) NIC NIC NIC SWITCH SWITCH NIC NIC NIC X NIC NIC Synchronous Communication SWITCH NIC X Exactly one order of messages M i (in contrast to PERM(M i ) in async. comm) NIC NIC Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 15

Example: 1,000 Frames (Industrial-Sized) 2 1 Dataflow Links are enumerated on the x-axis 3 4 6 5 1 2 X Time-Triggered Only Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 16

Single-Master Synchronization Eth IN 1 IN 1 IN 1 IN 1 IN 1 IN 1 IN 1 IN 1 Time Master Eth constant and/or dynamic IN 1 1588 1588 Eth Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 17

Transparent Clock and Permanence dispatch 302 0 SM 1 SM 2 SM 3 ES 102 302 send 5 dispatch 306 0 SC 1 SM 4 ES 106 Switch 201 Switch 202 send send receive 5 send receive 306 302 5 302 45 302 45 70 SC 2 CM 1 SM 5 SM 6 Switch 203 receive 10 306 302 302 80 max_transmission_delay (=120) permanence_delay (120 10 = 110) Switch 203 permanence max_transmission_delay (=120) permanence_delay (120 80 = 40) 302 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 100 110 120 130 140 150 105 115 125 135 145 306 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 18

Synchronization Services Clock Synchronization Service Clock Synchronization Service is executed during normal operation mode to keep the local clocks synchronized to each other. Startup/Restart Service is executed to reach an initial synchronization of the local clocks in the system. Integration/Reintegration Service is used for components to join an already synchronized system. Clique Detection Services are used to detect loss of synchronization and establishment of disjoint sets of synchronized components. Computer Time Fast Clock Perfect Clock Message Exchange Message Exchange Slow Clock Startup/Restart Service R.int R.int Real Time Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 19

Single-Master Clock Synchronization Eth Time Master IN 1 Eth Enabler for Synchronous Comm.: Synchronized Global Time 1588 1588 Communication Schedule Eth Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 20

Fault-Tolerant Clock Synchronization Time Master IN 1 IN 1 Eth IN 1 IN 1 Time Master Time Master IN 1 IN 1 Eth 1588 Fault-tolerant synchronization services are needed for establishing a safe global time base Eth 1588 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 21

Step 1: ALL Synchronization Master Dispatch IN Frames at the SAME Scheduled Point in Time Compression Master IN 1 Synchronization Master 1 IN 5 Synchronization Master 5 IN 2 IN 3 IN 4 Synchronization Master 2 Synchronization Master 3 Synchronization Master 4 Precision Dispatch SM1 SM2 SM5 Permanence SM1 SM2 SM5 SM4 SM3 SM4 SM3 Acceptance Window (of SM 2/5)... CM CM t_0 t_1, t_2 t_4, t_5 Reference Point Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 22

Step 2: Compression Master Dispatch Compressed IN Frame back to Synchronization Masters/Clients Compression Master IN C Synchronization Master 1 Synchronization Master 5 Synchronization Master 2 Synchronization Master 3 Synchronization Master 4 Precision Dispatch SM1 SM2 SM5 Permanence SM1 SM2 SM5 SM4 SM3 SM4 SM3 Acceptance Window (of SM 2/5)... CM CM t_0 t_1, t_2 t_4, t_5 Reference Point Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 23

thernet Clock Synchronization i Algorithm Specification Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 24

thernet Clock Synchronization ii Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 25

Other Synchronization Safety Mechanisms Controlled and autonomous late integration Synchronous operation will be reached when a sufficient number of ECUs is powered-up. Remaining ECUs may power up at arbitrary times and will join synchronous operation. Controlled and autonomous re-integration ECUs that drop out of the synchronous operation will autonomously reintegrate after recovery. Controlled and autonomous system-wide reset In the extremely unlikely event that the synchronous time-base is lost, the system is configurable to automatically execute a controlled system-wide restart. Synchronization robustness against EMI Synchronization is configurable to continue operation without receiving synchronization messages for a parameterized number of re-synchronization intervals. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 26

Formal Verification Activities thernet Executable Formal Specification Using symbolic and bounded model checkers sal-smc and sal-bmc Focus on Interoperation of Synchronization Services (Startup, Restart, Clique Detection, Clique Resolution, abstract Clock Synchronization) Verification of Lower-Level Synchronization Functions Permanence Function (sal-inf-bmc + k-induction) Compression Function (sal-inf-bmc + k-induction) Formal Verification of Clock Synchronization Algorithm First time by means of Model Checking (sal-inf-bmc + k-induction) Re-use of the Formal Models to prove: Layered clock-rate correction algorithm (sal-inf-bmc + k-induction) Layered clock-diagnosis algorithm (sal-inf-bmc + k-induction) Verification and minor corrections of the Sparse Timebase Concept Distributed computations without explicit coordination (PVS) Work has mostly been done in the context of the Marie Curie CoMMiCS project FP7 (FP7/2007-2013) project no. 236701 CoMMiCS Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 27

References B. Dutertre, A. Easwaran, B. Hall, W. Steiner, Model-based analysis of Timed-Triggered Ethernet, Proceedings of the 31st IEEE/AIAA Digital Avionics Systems Conference (DASC 2012), IEEE 2012, Recipient of Best in Session and Best in Track awards W. Steiner, G. Bauer, B. Hall and M. Paulitsch, Time-Triggered Ethernet: thernet, In Time-Triggered Communication, R. Obermaisser, editor, CRC Press, 2011 W. Steiner and J. Rushby, TTA and PALS: Formally Verified Design Patterns for Distributed Cyber- Physical Systems, Proceedings of the 30th IEEE/AIAA Digital Avionics Systems Conference (DASC 2011), IEEE 2011, Recipient of Best in Session and Best in Track awards W. Steiner and B. Dutertre, Layered Diagnosis and Clock-Rate Correction for the thernet Clock Synchronization Protocol, Proceedings of the 17th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2011), IEEE Computer Society, 2011 W. Steiner and B. Dutertre, Automated Formal Verification of the thernet Synchronization Quality, Proceedings of the 3rd NASA Formal Methods Symposium (NFM 2011), Springer Lecture Notes in Computer Science, 2011 W. Steiner and B. Dutertre, SMT-Based Formal Verification of a thernet Synchronization Function, Proceedings of the 15th International Workshop on Formal Methods for Industrial Critical Systems (FMICS 2010), Lecture Notes in Computer Science 6371 Springer, 2010, pp. 148-163 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 28

Outline Prerequisites for Safe and Deterministic Communication Asynchronous vs. Synchronous Communication Clock Synchronization and Fault-Tolerant Clock Synchronization Formal Verification Activities Utilization of Safe and Deterministic Communication Time-Triggered Communication Constraints in Multi-Hop Networks Integrated communication for mixed-criticality systems Combined Time-Triggered / Rate-Constrained / Best-Effort Communication Tooling Overview Summary Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 29

Example: 1,000 Frames (Industrial-Sized) 2 1 Dataflow Links are enumerated on the x-axis 3 4 6 5 1 2 X Time-Triggered Only Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 30

End-To-End (E2E) TT Dataflow offset_de offset_ad offset_ef D F A G B C E H Physical Topology Dataflow Path Virtual Link TT frames can be scheduled on each communication link. The communication schedule needs to satisfy constraints as discussed in the following. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 31

Contention-Free Constraints i Definition A sender or relaying instance will dispatch a new frame only after the previous frame has been processed. In a pure time-triggered network, the term processed refers to the transmission of the previous frame. In a mixed time-triggered / event-triggered network, the term processed can be relaxed as the previous time-triggered frame may get delayed by an event-triggered frame in transition. Cluster Cycle no overlaps Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 32

End-to-End Constraints Definition The end-to-end transmission constraints are derived from the application and assumed to be provided by the user. They describe the worst-case maximum and optionally also worst-case minimum allowed latency for a frame x. In general we assume that the bounds specified will be the same for all receivers of the frame x. Cluster Cycle Cluster Cycle bound Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 33

Path-Dependent Constraints Definition Within the dataflow path of a frame x the dispatch points in time of two adjacent edges will be well-timed. This means that the dispatch point in time of a succeeding edge will be scheduled only after it was received from the preceding edge. offset_ad A e.g., slot = 5 D F G offset_de B C E H Physical Topology Dataflow Path Virtual Link offset_ef Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 34

Bounded-Memory Constraints Definition The restrictions of switch memory generates another implementationimposed set of constraints. The memory size required to prevent buffer overflows in the switch can also be expressed in terms of time. e.g., slot = 5 e.g., slot < 8 Cluster Cycle Cluster Cycle bound Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 35

Simultaneous Relay Constraints Definition Though, not conceptually a requirement, there may me an implementation-derived requirement in the switches to dispatch a frame x on all ports simultaneously. Cluster Cycle Cluster Cycle ~ same points in time Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 36

Application-Level Constraints i Definition Application-level dependency constraints describe requirements that span multiple frames x_i. E.g. x_1 has to be dispatched 17.3 ms before x_2. That s the main complexity driver! Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 37

Application-Level Constraints ii Physical Part Physical Process Sensor Control Actuator Cyber Part CPU NIC 1 Switch 2 CPU NIC 3 4 Switch CPU NIC 5 Switch 6 4 shall be sent x ms after 3 is received Capture Sensor Value Calculate Control Value Task Schedule Operate Actuator Interrupts can be generated by a synchronized time reaching scheduled points in time. NIC Switch 1 Switch Switch Switch NIC 2 3 a b c d e f g h i 4 5 6 Frame Schedule Scheduled Events on the Timeline In several safety-relevant and safety-critical systems, synchronized time is a fundamental building block. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 38

Example: 100 Frames Highlighted Constraints: path-dependent, simultaneously dispatch, application-level 2 1 3 4 6 5 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 39

Emerging Benefits of using TT Consistent Distributed Computing Base Unification of Interfaces Temporal Firewalls Composability Independent Development of ECUs Stability of Prior Services Constructive Integration Replica Determinism Scalability Transparent Implementation of Fault Tolerance Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 40

Emerging Benefits of using TT Consistent Distributed Computing Base Unification of Interfaces Temporal Firewalls Composability Independent Development of ECUs Stability of Prior Services Constructive Integration Replica Determinism Scalability Transparent Implementation of Fault Tolerance Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 41

Outline Prerequisites for Safe and Deterministic Communication Asynchronous vs. Synchronous Communication Clock Synchronization and Fault-Tolerant Clock Synchronization Formal Verification Activities Utilization of Safe and Deterministic Communication Time-Triggered Communication Constraints in Multi-Hop Networks Integrated communication for mixed-criticality systems Combined Time-Triggered / Rate-Constrained / Best-Effort Communication Tooling Overview Summary Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 42

Mixed-Criticality Systems Windows PC Windows PC Open Networks How to share system resources and partition critical and non-critical distributed functions? Linux Server Standard IEEE802.3 Ethernet LAN Network thernet F2 F4 F1 F2 F3 F4 F1 F2 F4 Time and space partitioned OS F1 F2 F3 F4 Time and space partitioned OS Time and space partitioned OS Time and space partitioned OS Safety-, Time- or Mission-Critical System Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 43

thernet for Mixed-Criticality Systems Enables robust partitioning of all computing and networking resources in one system Fault-tolerant distributed clock Hard real time communication (µs jitter, fixed latency) host critical controls, video, audio, LAN, Layer 3-7 In parallel, two types of Ethernet communications: Synchronous (TDMA-style) Communication: TT Application Time-Triggered Extension Asynchronous (event-triggered style): RC + BE Ethernet IEEE 802.3 thernet 40 msec 40 msec 40 msec TT1 TT2 RC RC BE TT1 BE RC TT2 BE TT1 RC BE RC TT2 TT1 BE BE RC RC 30 msec 30 msec 30 msec 30 msec TT1 TIME Longest Communication Cycle in this Example: LCM(30,40) = 120msec Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 44

thernet Dataflow: Rate-Constrained Traffic Rate-Constrained Traffic (RC) Switch/Router Receiver Sender min. duration min. duration min. duration Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 45

Mixed Traffic on Ethernet RC Accumulated Jitter 00:10 2 00:01 1 4a 3a 2a 1a thernet Switch Time Triggered 00:11 00:02 Rate Constrained 4b 3b 2b 1b Best Effort Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 46

Mixed Traffic on an Ethernet RC Accumulated Jitter 00:10 TT is dispatched according synchronized time 00:01 4a thernet Switch Time Triggered 00:11 00:02 Rate Constrained 3a 3b TT is forwarded according synchronized time 2 1a TT has lowest latency and lowest jitter 1b 1 4b 2b Best Effort 2a RC frame delivery is guaranteed, but potentially has high latency and jitter RC potentially queue-up in switch memory Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 47

Mixed Traffic on an Ethernet BE Buffer Overflow thernet Switch Time Triggered 4 3 2 1 Rate Constrained Best Effort 3 2 1 Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 48

Mixed Traffic on an Ethernet BE Buffer Overflow thernet Switch Time Triggered Rate-constrained frame delivery (standard Ethernet traffic) is guaranteed! Rate Constrained 3 2 1 Best Effort 4 2 1 3 Best-effort frame delivery (standard Ethernet traffic) is NOT guaranteed! Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 49

Integrated Dataflow Example TT BE TT BE TT BE t 3ms cycle 3ms cycle 3ms cycle Sender 1 Switch/Router Dataflow Integration - Time-Triggered (TT) - Rate-Constrained (RC) - Standard Ethernet (BE) Receiver Sender 2 TT TT RC BE TT TT BE BE TT RC TT TT BE t TT BE BE TT RC TT BE 3ms cycle 3ms cycle 3ms cycle 2ms cycle 2ms cycle 2ms cycle t 2ms cycle 2ms cycle 2ms cycle 2ms cycle 6ms Cluster Cycle thernet Switches are non-preemptive store-and-forward switches using priorities Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 50

Integration Options When two (or more) messages compete for relay to the same outgoing port, the switch has to serialize these messages. Typically, a priority mechanism will be used. Priority is easy, when there is a clear winner in terms of priority. If there are messages of same priority the messages will be serviced according FIFO. What happens if there is a low-priority message (L) in relay, when a high-priority message (H) becomes ready for relay? Implemented in early (academic) versions of TT-Ethernet Contention: Preemption: Timely Block: Shuffling: Implemented in current versions of thernet Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 51 L L H H H H L L real-time

Example: 1,000 Frames (Industrial-Sized) 2 1 Dataflow Links are enumerated on the x-axis 3 4 6 5 1 2 RC/BE frames are also integrated during TT phases. RC TT X RC TT RC TT RC TT Time-Triggered Only Time-Triggered + Event-Triggered Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 52

Example: 1,000 Frames (Industrial-Sized) 2 1 Dataflow Links are enumerated on the x-axis 3 4 6 5 1 2 RC/BE frames are also integrated during TT phases. RC TT X RC TT RC TT RC TT Time-Triggered Only Time-Triggered + Event-Triggered Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 53

Tools Requirements Data Flow Overview Plan Network Config. (Schedule) Generation (currently -Demo Scheduler) Build Network Configuration Plug-in Device Config. Generation Build Basic Image Generation System Specification XML Network Configuration XML Device Device Configuration XML XML Image Image High-level communication reqs. Senders, receivers, virtual links, sync domains, fault-tolerance requirements, etc. This stores the schedule (TT, RC, ET configs). Who sends what at what time (TT) at what rate (RC) on what route? This is a truthful, human readable XML representation of the binary tables in the switches and end systems. This is the binary image for a switch or end system, ready for download. Images for multiple devices in the system may be collected in a download database Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 54

Outline Prerequisites for Safe and Deterministic Communication Asynchronous vs. Synchronous Communication Clock Synchronization and Fault-Tolerant Clock Synchronization Formal Verification Activities Utilization of Safe and Deterministic Communication Time-Triggered Communication Constraints in Multi-Hop Networks Integrated communication for mixed-criticality systems Combined Time-Triggered / Rate-Constrained / Best-Effort Communication Tooling Overview Summary Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 55

Summary and Conclusion Cyber-physical systems become more and more complex with an increasing demand on resources. Determinism is a key concept to manage complexity and to ensure system safety. The integration of applications with mixed-criticality requirements, so that they share resources, allows cost-effective architectures for realtime and safety-critical systems. Ethernet is a good basis for an integrated communication infrastructure. Enabling Ethernet with time-triggered services (thernet) generates a deterministic communication infrastructure for mixedcriticality systems that allows synchronous and asynchronous communication. The synchronized global time protects highly critical dataflows from less critical or uncritical ones. Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 56

Books on Time-Triggered Technology Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 57

E n s u r i n g R e l i a b l e N e t w o r k s w w w. t t t e c h. c o m Wilfried Steiner, Senior Research Engineer wilfried.steiner@tttech.com Copyright TTTech Computertechnik AG. All rights reserved. 5/18/2013 / Page 58

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback