INDustrial EXploitation of the genesYS cross-domain architecture Developing deterministic networking technology for railway applications using TTEthernet software-based end systems Project n° 100021 Astrit Ademaj, TTTech Computertechnik AG Outline INDustrial EXploitation of the genesYS cross-domain architecture GENESYS requirements - railway Time-triggered communication TTEthernet SW based implementation of the TTEthernet Conclusion ARTEMISIA Association Title Presentation - 2 GENESYS – GENeric Embedded SYStems INDustrial EXploitation of the genesYS cross-domain architecture Instruction how to build your embedded systems architecture GENESYS: ¾ is a reference architecture template providing specifications and requirements to design a cross domain embedded systems architecture. ¾ architecture style supports a composable, robust and comprehensible, component based framework with strict separation of computation from message based communication ¾ distinguishes between 3 integration levels: • Chip Level (IP cores communicate via a deterministic Network-on-a-Chip) • Device Level (Chips communicate within a device) • System Level (Devices communicate in an open or closed environment) ARTEMISIA Association Title Presentation - 3 GENESYS and the railway domain INDustrial EXploitation of the genesYS cross-domain architecture Safety-critical applications in the railway domain require ¾ deterministic communication networks ¾ robustness and ¾ composability are key issues. GENESYS ¾ architecture style supports a composable, robust and comprehensible, component based framework with strict separation of computation from message based communication ¾ distinguishes between 3 integration levels: • …. • System Level (Devices communicate in an open or closed environment) ARTEMISIA Association Title Presentation - 4 TTEthernet INDustrial EXploitation of the genesYS cross-domain architecture TTEthernet is a suitable candidate to implement the integration at the system level ¾ For the railway domain … and not only Composability/determinism and robustness are key issue Enables a cost effective implementation of design diversity. ARTEMISIA Association Title Presentation - 5 Time-Triggered communication INDustrial EXploitation of the genesYS cross-domain architecture Predictability ¾ Time-Triggered Communication ¾ Scalable Composability ¾ Properties at the component level remain unchanged after integration ¾ TT communication architectures suitable ¾ Reduce testing and certification efforts ¾ Easy implementation of fault-tolerance mechanisms Robustness ¾ Fault containment ¾ Error containment ¾ Replication of components ARTEMISIA Association Title Presentation - 6 What time-triggered systems need INDustrial EXploitation of the genesYS cross-domain architecture Any Time-Triggered System must have two key properties: a notion of time ¾ in case of a distributed system: a GLOBAL notion of time, available to each node in the system a schedule (when to do what) ¾ in case of a distributed system: a GLOBAL schedule or CONSISTENT parts of a GLOBAL schedule available to each node in the system ARTEMISIA Association Title Presentation - 7 Example: Time-Triggered vs Event- Triggered INDustrial EXploitation of the genesYS cross-domain architecture Transportation ¾ cars and taxis are event-triggered: they go whenever they are needed ¾ buses and trains are time-triggered: they go according to a fixed schedule Advantage of the event-triggered approach: very flexible Advantage of the time-triggered approach: very predictable When would you prefer a time-triggered solution? ARTEMISIA Association Title Presentation - 8 Nondeterminism under Peak Load INDustrial EXploitation of the genesYS cross-domain architecture “Peak load” can corrupt established system properties ¾ The communication network fails to provide the properties established in functional verification – timing, latencies, error rates increase massively ¾ The control functions fail to respond to external influences (e.g. steering commands) in time – unspecified or unacceptable behavior occurs Î for complex electronic systems with high availability, reliability, and safety requirements peak load scenarios must be avoided by design! ARTEMISIA Association Title Presentation - 9 Addressing Peak Load in Critical Systems INDustrial EXploitation of the genesYS cross-domain architecture How can you ensure that a system stays reliable under load? ¾ A time-triggered system uses the same amount of resources and provides the same amount of throughput all the time ¾ In cases of low load, this performance is “wasted” ¾ But in cases of high load, unexpected loads or faults, no peak occurs no peak load throughput 100 % ideal system time-triggered system load requirements “wasted” area ARTEMISIA Association Title Presentation - 10 Composability with a Time-Triggered communication INDustrial EXploitation of the genesYS cross-domain architecture Properties established at the component level are maintained after the system integration ¾ the properties of the communication schedule are defined by the system integrator before implementation and integration ¾the schedule is distributed consistently to all nodes ¾all nodes can communicate only according to this schedule Integration does not “change” anything – it only “completes” the communication pattern which was incomplete for each subsystem. ARTEMISIA Association Title Presentation - 11 Composability with a Time-Triggered communication INDustrial EXploitation of the genesYS cross-domain architecture a R cd hk sop Communication schedule as designed by the ab Rt fg hk so system integrator - contains one spare aRcfghksop (green) slot ab Rt fg hk so acdhk ab fg hk Communication schedule for Subsystem A only acfghk ab fg hk Rsop Rt so Communication schedule for Subsystem B only Rsop Rt so Communication schedule for Subsystem C can be added without affecting A and B ARTEMISIA Association Title Presentation - 12 Fault Tolerance and design diversity INDustrial EXploitation of the genesYS cross-domain architecture Fault-tolerance is implemented by replication of system components ¾Two or more components perform the same services in parallel and provide their output simultaneously to mask failures of one of them. Tolerance against design failures – design diversity ¾ Use different specification to implement the same service ARTEMISIA Association Title Presentation - 13 What is TTEthernet? INDustrial EXploitation of the genesYS cross-domain architecture A TT communication system, which integrates real-time and non real-time traffic into a single communication infrastructure ¾integrate traffic with different characteristics (requirements) in a flexible way ¾switched topology ¾Support application with different criticality requirements • data acquisition, multimedia, • real-time control app., safety-critical applications. ARTEMISIA Association Title Presentation - 14 What is TTEthernet (2)? INDustrial EXploitation of the genesYS cross-domain architecture In principle we can enable any carrier protocol with time-triggered technology, … … but there are some good reasons for using Ethernet. ¾ Ethernet is a well-established open-world standard ¾ Scalable. ¾ Bandwidth (10 Mbit/s, 100 Mbit/s, 1Gbit/s, 10Gbit/s) ¾ COTS Ethernet hardware is low cost. ¾ Existing tools can be leveraged • cost-efficient monitoring tool (e.g., Wire Shark) • for maintenance and configuration (ssh, web servers,…). ARTEMISIA Association Title Presentation - 15 TTEthernet Topology Consist mainly of ¾TTE-Switches, ¾TTE- End Systems (ES) and Standard Ethernet End Systems T T E s w i tc h genes IND YS ustrial cross-domain architecture EX ploitation of the TTE T T ARTEMISIA Association E s w i TTE tc h Eth TTE TTE TTE Eth Title Presentation - 16 TTEthernet features INDustrial EXploitation of the genesYS cross-domain architecture Time-Triggered comm systems are ¾ deterministic, composable and scalable ¾ real-time comm. network compatible with IEEE 802.3. ¾ Standard Ethernet traffic does not affect the properties of the real-time traffic. End Systems HW based (dedicated chip/component) or SW based The software-based TTEthernet software based implementation uses COTS Ethernet controllers showcasing that TTEthernet can be implemented on any Ethernet compliant hardware. ¾ thus providing a cost-efficient and flexible technology implementation, allowing the usage of design diversity ARTEMISIA Association Title Presentation - 17 Ethernet Standard IEEE 802.3 INDustrial EXploitation of the genesYS cross-domain architecture IEEE 802.3 addresses the lowest layers of the ISO/OSI reference model, some higher layers are represented by other IEEE 802 parts. TTEthernet performs services transparently within the Data Link layer, using all IEEE 802.3 services without modification. 7 Application architecture, NM, layers above (TCP,UDP,IP) 6 Presentation 5 Session Logical Link Control (IEEE 802.3 LLC) 4 Transport 3 Network Media Access Control (IEEE 802.3 MAC) 2 Data Link 1 Physical Physical Layer (IEEE 802.3 PHY) 10BaseT 100BaseTx 1000BaseCX … ISO/OSI layer model ARTEMISIA Association Title Presentation - 18 TTEthernet Traffic Classes INDustrial EXploitation of the genesYS cross-domain architecture TTE-frames - compatible to the standard Ethernet frame format. Destination MAC address is use to identify the frames, ¾ where the first 4 bytes represent the critical traffic marker (cluster ID), ¾ the last 2 bytes the critical traffic identifier (denoted also as message ID). Schedule ID VLID TTEthernet traffic classes