Time Triggered Ethernet - Overview

Copyright © TTTech Computertechnik AG. All rights reserved. www.tttech.com

Time-Triggered Ethernet: Overview and Status

[email protected] Computertechnik AG

Copyright © TTTech Computertechnik AG. All rights reserved. Page 2www.tttech.com

Outline

TTEthernet – SummaryProtocol Status

• Verification Activities• Dataflow Integration Studies• Standardization Status

Chip IP Status• Switch• End System

Product Status• Hardware• Software Tools• Middleware Software• Upcoming Products/Outlook


TTEthernet – Summary


Mixed-Criticality Systems

Standard IEEE802.3 Ethernet LAN

Safety-, Time- or Mission-Critical System

Ethernet switch

Time and spacepartitioned OS




Linux Server

WindowsPC

WindowsPC

F1

F1 F1F2 F2

F2F2 F3 F4

F3 F4

F4

F4

Open NetworksHow to share system resources and partition critical and non-critical distributed functions?


TTEthernet for Mixed Criticality Systems

Enables robust partitioning of all computing and networking resourcesin one system

• Fault-tolerant distributed clock

• Hard real time communication(µs jitter, fixed latency)

• host critical controls, video, audio, LAN, …

In parallel, two types of Ethernet communications:

Synchronous (TDMA-style) Communication: TT

Asynchronous (event-triggered style): RC + BE Ethernet IEEE 802.3

Application

Time-Triggered Extension

Layer 3-7


X

Asynchronous CommunicationTransmission Points in Time are not predictable

Transmission Latency and Jitter accumulate Number of Hops has a significant impact

Usually solved by High Wire-Speeds & Low UtilizationProblem of “Indeterminism” remains

Asynchronous Communication (RC, BE)


Clock Synchronization

TTE

1588

1588

Eth

TTE

TTE

Eth

TTE

TTE TTE

TTE

TTE

TTE

Eth

Time Master

Enabler for Synchronous Comm.:

Synchronized Global Time

Communication Schedule


Synchronous Communication

X

Exactly one order of messages Mi(in contrast to PERM(Mi) in async. comm)

Synchronous Communication (TT)


Integrated Dataflow Example

TT TTTT TT TTTT TT

3ms cycle

2ms cycle

3ms cycle 3ms cycle

2ms cycle 2ms cycle 2ms cycle

6ms Cluster Cycle

RC BE BE BE RC BE t

Sender

1 Switch/RouterReceiver

Sender

2

TT TT TT


BE BE BE t

TT TT TT


BE BE RC BE

t

Dataflow – Integration- Time-Triggered (TT) - Rate-Constrained (RC)- Standard Ethernet (BE)

TTEthernet Switch is also capable of changing traffic types, e.g. a message received as RC can be relayed as TT


Example: 1,000 Frames (Industrial-Sized)

Time-Triggered Only Time-Triggered + Event-Triggered

12

34

5

6

1 2

Dataflow Links are enumerated on the x-axis

…

TT

TT

TT

TT

RC

RC

RC

RC

RC/BE frames are also integrated during TT phases.


Example: 100 Frames

12

34

5

6

Highlighted Constraints: path-dependent, simultaneously dispatch,application-level


Clock Synchronization

TTE

1588

1588

Eth

TTE

TTE

Eth

TTE

TTE TTE

TTE

TTE

TTE

Eth

Time Master

Enabler for Synchronous Comm.:

Synchronized Global Time

Communication Schedule


Fault-Tolerant Clock Synchronization

TTE

1588

1588

Eth

TTE

TTE

TTE

Eth

TTE

TTE

TTE

TTE

TTE

TTE

TTE

Eth

Time Master

Time Master

Time Master

Fault-tolerant synchronization services are needed for establishing a robust global time base


Failure Model for High-Integrity Components: Inconsistent-Omission Faulty


TTEthernet – Protocol Status


Formal Verification ActivitiesTTEthernet Executable Formal Specification

• Using symbolic and bounded model checkers sal-smc and sal-bmc• Focus on Interoperation of Synchronization Services (Startup, Restart, Clique Detection,

Clique Resolution, abstract Clock Synchronization)

Formal Verification of Clock Synchronization Algorithm• First time by means of Model Checking (sal-inf-bmc)

Verification of Lower-Level Synchronization Functions• Permanence Function

• verified with the infinite-bounded model checker sal-inf-bmc• using disjunctive invariant and k-induction

• Compression Function• verified with the infinite-bounded model checker sal-inf-bmc• using abstraction and 1-induction

Finalization & Completion of formal assessment within CoMMiCS Project • Complexity Management for

Mixed-Criticality Systems • European Communities FP7 (FP7/2007-2013)

project no. 236701CoMMiCS


Model-Checking Clock Synchronization i

Algorithm Specification


Model-Checking Clock Synchronization ii

Byzantine Faulty Clock


Integrated Dataflow Theory and Tools

“An Evaluation of SMT-based Schedule Synthesis For Time-Triggered Multi-Hop Networks”

• In RTSS'10: Proceedings of the 31st IEEE Real-Time Systems Symposium. IEEE, 2010.• This paper discusses how to use the general purpose tool YICES to synthesis schedules for

time-triggered communication.

“On The Real-Time Performance Of Switches For Rate-Constrained Multicast Dataflow”

• Draft Available• Here we analyze the real-time behavior of switches for rate-constrained traffic.

We use the SMT-solver YICES to synthesize frame-to-node assignments. Furthermore, we use the SAL model-checker to reason about the memoryutilization in switches for rate-constrained multicast dataflow.

“Synthesis of Static Communication Schedules for Mixed-Criticality Systems”

• In AMICS’11: Proceedings of the 1st IEEE Workshop on Architectures and Applications for Mixed-Criticality Systems

• We discuss how to generate schedules to integrate time-triggered and rate-constrained dataflow.

Industrial Tools from TTTech are available.

CoMMiCS


SMT-Based Scheduling: Synthesis Times

Star

Snowflake

Tree


TTEthernet Standard

Balloting for Standardization expected for Q2 of 2011


TTEthernet – Chip IP Status


General Design Properties

• All synchronous design• Clock domains

• Switch: single clock domain 125MHz

• End System: • two clock domains with IP-configurability

• allows to run IP @ 125MHz/31.25MHz in Cyclone III

• Single-ported memories• Memory reads always fed through registers• All RAM blocks are accessible at top-level entity


Switch IP Features (1/2)

• 10/100/1000 full-duplex Ethernet GMII• 8 Gbps non-blocking full-duplex switching engine• 3 traffic classes: time-triggered real-time, event-

triggered real-time (aka ARINC 664), COTS• 32 bits 125MHz AHB Lite status/control interface• Fault-tolerant distributed clock synchronization

algorithm• Traffic policing compliant with ARINC 664 definitions• Proprietary traffic policing (start window protection) for

time-triggered traffic• 1588 V2 transparent clock update


Switch IP Features (2/2)

• IP-configurable wrt• Number of VLs

• Total number of ports (max. 8 x 10/100/1000, one 10/100/1000 port can bereplaced by ten 10/100 ports)

• Number of 10/100/1000 ports

• Number of 10/100 ports

• Number of schedule entries and schedule periods

• Size of frame memory

• Number of output priority queues

• Number of memory partitions


Switch IP Configuration

• 8 memory partitions• 8192 schedule entries• 8 sub-schedules (aka schedule periods)• 128 ICL entries• 4096 IVL entries• 8 priorities (plus locally generated sync frames)• 4096 frames per port max.• 32768 addressable memory buffers (yielding 2MB, 4MB,

16MB, 32MB addressable memory at buffer sizesconfigured to be 64, 128, 512, 1024 bytes, respectively)


Switch IP Sizing & Complexity

• Numbers of benchmark IPs on Altera Cyclone III FPGA• Numbers of switch IP on Altera Stratix IV FPGA

Logic Cells Registers ConfigMem MessageMemERay 21.000 8.000 16.5kb 66kbC2NF 9.000 3.300 70kb 256kb2FT 8x100M TTEthernet Switch 99.000 54.500 850kb 2048kbAltera 10/100/1000 MAC 3.100 2.250 80kb

x 2 6.200 4.500 160kbx 3 9.300 6.650 240kb

2FT TTEthernet NIC 92.000 43.000 1Mb 2.5Mb

1FT TTEthernet MAC 14.500 5.500 29kb64kb input

64kb outputALUTs Registers ConfigMem MessageMem

2FT 6x1G+20x100M TTEthernet Switch 80.000 55.000 4.4Mb up to 256Mb


End System IP Features (1/2)

• 10/100/1000 full-duplex Ethernet GMII• 2 channels• 3 traffic classes: time-triggered real-time, event-

triggered real-time (aka ARINC 664, AFDX), COTS• 32 bits 125MHz AHB Lite status/control interface• Proprietary streaming interfaces for frame input/output• Fault-tolerant distributed clock synchronization

algorithm (formally verified using SRI’s model checker)• Automatic generation of sequence numbers in

compliance with ARINC 664 definitions• Integrity checking and redundancy management

compliant with ARINC 664 definitions


End System IP Features (2/2)

• Traffic shaping in compliance with the definitions of ARINC 664

• IP-configurable wrt (recommended defaults for embedded IP in parentheses)

• No. output VLs (64)

• No. input VLs (128)

• No. schedule entries (64), schedule periods (8), and clock sync masters (8)

• Output frame memory (128 buffers @ 64B)


IP Sizing & Complexity

Logic Cells Registers ConfigMem MessageMemE-Ray (FlexRay - Bosch) 21.000 8.000 16.5kb 66kbC2NF (TTP - TTTech) 9.000 3.300 70kb 256kb2FT 8x100M TTEthernet Switch 99.000 54.500 850kb 2048kbAltera 10/100/1000 MAC 3.100 2.250 80kb

x 2 6.200 4.500 160kbx 3 9.300 6.650 240kb

2FT TTEthernet NIC 92.000 43.000 1Mb 2.5Mb

1FT TTEthernet MAC 14.500 5.500 29kb 64kb input64kb output

• Numbers based on Altera Cyclone III FPGA• TTE MAC sizing using recommended parameter set


TTEthernet – Product Status

Copyright © TTTech Computertechnik AG. All rights reserved. Page 32www.tttech.com Page 32

TTEthernet Products - Summary

Chip IP• Switches and End Systems

• Certification Package (RTCA DO 254)

Development EquipmentSwitches TTEDev Switch 1 Gbit/s 12 Ports

TTEDev Switch 100 Mbit/s A664

E/S TTEPMC Card, TTEPCI CardTTEXMC Card, TTEPCIe Card

Test and Simulation Equipment• TTEMonitoring Switch 1 Gbit/s 12+1 Ports

• TTEMonitoring System

• TTEEnd System A664 Dev&Test

Development Systems• TTEDevelopment System 1 Gbit/s v2.0

• TTEDevelopment System 100 Mbit/s

Configuration & Verification Tooling• TTEBuild, TTE Build Network Configuration

• TTELoad

• TTEView

• TTEVerify (certification RTCA DO 178B)

Embedded Software• TTEProtocol Layer, TTEDriver and TTEAPI Library

• TTECOM Layer ARINC 653

• TTESync Library


www.tttech.com

Technology

Time Triggered Ethernet - Overview