Transcription
Overview of TTE Applicationsand Development at NASA/JSCCCSDS SOIS SUBNET WG MeetingASI, Rome, Italy17 – 21 October 2016Andrew Loveless (NASA JSC)andrew.loveless@nasa.govAndrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 1/XX
National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationBackgroundThe Avionics and Software (A&S) Project is developing amission-agnostic architecture applicable to spacecraft or habitats. Chartered by NASA’s Advanced Exploration Systems (AES) Program.Includes participation by most NASA centers and several commercial partners.Mature promising architectures for use in other NASA projects.Approach: Minimize development time/cost by utilizing COTS technologies.Past ExperienceCurrent ProjectsCommercial PartnersAES A&S ProjectAndrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 2/28
IPAS: Integrated TestbedNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationIPAS testbed located at NASA/JSC in B29Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 3/28
TTEthernet Traffic ClassesNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationTime-Triggered Ethernet can help overcome difficulties in realizing an IMAarchitecture by providing multiple traffic classes for different criticality levels.BandwidthUtilizationTime-TriggeredExact definition of TDMAslots and time baseSynchronous deterministicmessaging with TDMApartitioning (SAE AS6802)LowAsynchronous deterministicmessaging (ARINC 664-p7)9% diagnostics/config andexperiments (IEEE 802.3)Traffic PriorityRate-Constrained18% high-definition videoand displays (IEEE 802.3)9% real-time telemetryprocessing and datarecorder (ARINC 664)Traffic shaping andpolicing prevents lossof streaming data.18% real-time audio/video streaming(ARINC 664)High27% hard real-time vehiclecontrol (vehicle management,IMU, star tracker, powercontroller) (SAE AS6802)Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Best-Effort (Classical)Asynchronous standardEthernet LAN (IEEE 802.3)Slide: 4/28
National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationTTEthernet Traffic IntegrationTime-TriggeredFrames1 112ms2 1 2 112ms1 2 22msNode 43ms3ms2ms12ms2ms6ms Cluster CycleOverloadedNetworkNode 1Switch 1Rate-ConstrainedFrames2 2Switch 22 23msNode 5Best-Effort Frames3ms2 1 2 1 4 1 2 2 5 1 5 43ms3ms2ms2ms2ms6ms Cluster CycleNode 3Node 2Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 5/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis. Built libraries for Core Flight Software (CFS) supportingnetwork-based FSW scheduler, synchronization, and voting. Wrote extensions to stock TTE implementations, including: Network stack for Phoenix Chip-IP - including UDP and IP layers. Wrapper APIs with abstraction over DMA/PIO transfer mechanisms. Abstraction layer for Pegasus Chip-IP on VxWorks. Developed tools for report generation and metric collection.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 6/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment.Scripts integrated w/ TTETools and Chip-IP automatescheduling process.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 7/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis. Built libraries for Core Flight Software (CFS) supportingnetwork-based FSW scheduler, synchronization, and voting. Wrote extensions to stock TTE implementations, including: Network stack for Phoenix Chip-IP - including UDP and IP layers. Wrapper APIs with abstraction over DMA/PIO transfer mechanisms. Abstraction layer for Pegasus Chip-IP on VxWorks. Developed tools for report generation and metric collection.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 8/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis. Built libraries for Core Flight Software (CFS) supportingnetwork-based FSW scheduler, synchronization, and voting. Wrote extensions to stock TTE implementations, including: Network stack for Phoenix Chip-IP - including UDP and IP layers. Wrapper APIs with abstraction over DMA/PIO transfer mechanisms. Abstraction layer for Pegasus Chip-IP on VxWorks. Developed tools for report generation and metric collection.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 9/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis. Built libraries for Core Flight Software (CFS) supportingnetwork-based FSW scheduler, synchronization, and voting. Wrote extensions to stock TTE implementations, including:New Network Stack and API Network stack for Phoenix Chip-IP - including UDP and IP layers. Wrapper APIs with abstraction over DMA/PIO transfer mechanisms. Abstraction layer for Pegasus Chip-IP on VxWorks. Developed tools for report generation and metric collection.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 10/28
Past Work: Technology and ToolsNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a long history of using Time-Triggered Ethernet. Collaborated with Honeywell on applicationof TTGbE for the Orion MPCV (2007). Have worked with every major iteration ofTTTech’s TTEthernet (2008 – Present).Example Projects: Driver development to support TTEthernet on a widerange of different platforms and OSs. Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis. Built libraries for Core Flight Software (CFS) supportingnetwork-based FSW scheduler, synchronization, and voting. Wrote extensions to stock TTE implementations, including: Network stack for Phoenix Chip-IP - including UDP and IP layers. Wrapper APIs with abstraction over DMA/PIO transfer mechanisms. Abstraction layer for Pegasus Chip-IP on VxWorks. Developed tools for report generation and metric collection.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 11/28
Past Work: Fault-ToleranceNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a focus fault-tolerance for human-rated vehicles. Experience from the Space Shuttle, ISS, and X-38 CRV hasinfluenced the design of several fault tolerance approaches. We have used Time-Triggered Ethernet to realize multiplearchitectures accommodating different fault classifications.Different Approaches: Boeing 787 Self-Checking Pair (SCP) with lockstepIBM 750FX processors and TTGbE interface. Comparable to Orion Vehicle Management Computer (VMC). Warm-Backup redundant computers (shadowing). Comparable to ISS Command and Control MDMs. Triplex Voting with Master/Slave synchronization. Demonstrated running Ascent Abort 2 (AA2) missionscenario with Orion GN&C flight software. Quad-Voting with message-based synchronization. Realized on 4x Aitech SP0-100 SBCs running VxWorks. Quad-Voting with real-time network synchronizationand 1-byzantine fault tolerance. Showed ability to transparently vote all input and outputdata between apps in 100Hz FSW schedule table.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 12/28
Past Work: Fault-ToleranceNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a focus fault-tolerance for human-rated vehicles. Experience from the Space Shuttle, ISS, and X-38 CRV hasinfluenced the design of several fault tolerance approaches. We have used Time-Triggered Ethernet to realize multiplearchitectures accommodating different fault classifications.Different Approaches: Boeing 787 Self-Checking Pair (SCP) with lockstepIBM 750FX processors and TTGbE interface. Comparable to Orion Vehicle Management Computer (VMC). Warm-Backup redundant computers (shadowing). Comparable to ISS Command and Control MDMs. Triplex Voting with Master/Slave synchronization. Demonstrated running Ascent Abort 2 (AA2) missionscenario with Orion GN&C flight software. Quad-Voting with message-based synchronization. Realized on 4x Aitech SP0-100 SBCs running VxWorks. Quad-Voting with real-time network synchronizationand 1-byzantine fault tolerance. Showed ability to transparently vote all input and outputdata between apps in 100Hz FSW schedule table.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 13/28
Past Work: Fault-ToleranceNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a focus fault-tolerance for human-rated vehicles. Experience from the Space Shuttle, ISS, and X-38 CRV hasinfluenced the design of several fault tolerance approaches. We have used Time-Triggered Ethernet to realize multiplearchitectures accommodating different fault classifications.Different Approaches: Boeing 787 Self-Checking Pair (SCP) with lockstepIBM 750FX processors and TTGbE interface. Comparable to Orion Vehicle Management Computer (VMC). Warm-Backup redundant computers (shadowing). Comparable to ISS Command and Control MDMs. Triplex Voting with Master/Slave synchronization. Demonstrated running Ascent Abort 2 (AA2) missionscenario with Orion GN&C flight software. Quad-Voting with message-based synchronization. Realized on 4x Aitech SP0-100 SBCs running VxWorks. Quad-Voting with real-time network synchronizationand 1-byzantine fault tolerance. Showed ability to transparently vote all input and outputdata between apps in 100Hz FSW schedule table.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 14/28
Past Work: Fault-ToleranceNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNASA-JSC has a focus fault-tolerance for human-rated vehicles. Experience from the Space Shuttle, ISS, and X-38 CRV hasinfluenced the design of several fault tolerance approaches. We have used Time-Triggered Ethernet to realize multiplearchitectures accommodating different fault classifications.Different Approaches: Boeing 787 Self-Checking Pair (SCP) with lockstepIBM 750FX processors and TTGbE interface. Comparable to Orion Vehicle Management Computer (VMC). Warm-Backup redundant computers (shadowing). Comparable to ISS Command and Control MDMs. Triplex Voting with Master/Slave synchronization. Demonstrated running Ascent Abort 2 (AA2) missionscenario with Orion GN&C flight software. Quad-Voting with message-based synchronization. Realized on 4x Aitech SP0-100 SBCs running VxWorks. Quad-Voting with real-time network synchronizationand 1-byzantine fault tolerance. Showed ability to transparently vote all input and outputdata between apps in 100Hz FSW schedule table.Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 15/28
Conceptual – Network BackplaneNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationThe flexibility of the spacecraft can be significantlyincreased by adopting a “flat” avionics architecture. All information (both computed and I/O) can be madeavailable to any other part of the system.A table-driven approach can be used to:ThermalComm.1. Assign functions to different computer platforms.2. Assign processor/memory resources to each function.3. Configure messaging paths between functions.A given function’ssoftware and I/O do notneed to be Ethernet BackboneGN&CAndrew Loveless (NASA JSC/EV2)I/OI/OI/OPowerA “network node” describesany function that can accessthe network backplane.ECLSSCCSDS SOIS SUBNET WG Meeting – 10/2016PropulsionSlide: 16/28
Conceptual – Network BackplaneNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationThe flexibility of the spacecraft can be significantlyincreased by adopting a “flat” avionics architecture. All information (both computed and I/O) can be madeavailable to any other part of the system.A table-driven approach can be used to:1. Assign functions to different computer platforms.2. Assign processor/memory resources to each function.3. Configure messaging paths between functions.ThermalComm.Commonality b/w platformsincreases the flexibility ofhaving a flat -TriggeredEthernet BackboneGN&CAndrew Loveless (NASA JSC/EV2)I/OI/OECLSSCCSDS SOIS SUBNET WG Meeting – 10/2016PropulsionSlide: 17/28
Physical – Network BackplaneNational Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationFunctions can be implemented on different platformsthroughout the vehicle. Each computer platform canimplement multiple functions (i.e. “network nodes”).Redundant voting processors can be used to implementflight-critical functions (e.g. GN&C, ECLSS, Power control). Redundant computer platforms do not need to be co-located. The fault-tolerance strategy should mirror the avionics approach. Solutions that don’t require platform-specific hardware increase theflexibility of decoupling functions from specific LRUs.EthernetSwitchFCC 1RIU RIUFCC 2TTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchRIUOBCFCC 3Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 18/28
Conceptual – Network BackplaneFunctions can be implemented on different platformsthroughout the vehicle. Each computer platform canimplement multiple functions (i.e. “network nodes”).Redundant voting processors can be used to implementflight-critical functions (e.g. GN&C, ECLSS, Power control).National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationClassical Ethernet LAN Redundant computer platforms do not need to be co-located. The fault-tolerance strategy should mirror the avionics approach. Solutions that don’t require platform-specific hardware increase theflexibility of decoupling functions from specific LRUs.Fault-Tolerant VotingVarying degrees of replicationdepending on desired level offault tolerance.FCC 1RIU RIUFCC 2EthernetSwitch Achieved at partition, processor,box, or subsystem level.TTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchRIUFCC 3Andrew Loveless (NASA JSC/EV2)Degree of local processingdepends on requirementsof given subsystem.CCSDS SOIS SUBNET WG Meeting – 10/2016OBCSlide: 19/28
Remote Interface Units (RIUs)National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationRemote Interface Units (RIUs) offload data acquisition andactuator control from the Flight Control Computers (FCCs).Contain I/O cards for connecting to sensors/effectorsrelated to a given function (e.g. MIL-STD-1553, RS422).Use Time-Triggered Ethernet (TTE) NICs to communicateover the network backplane to the FCCs.Could be based on industry-standard backplane (e.g. cPCI).Degree of “intelligence” varies according to requirements.FCC 1RIU RIUFCC 2EthernetSwitchInterface cards to localnetwork (e.g. ARINC 429,SpaceWire).cPCI orVPXTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE SwitchTTE NetworkTTE SwitchControllerPower andProcessorTTESwitchcardsFCC 3Andrew Loveless (NASA JSC/EV2)Computers in therole of FCCs do notdirectly interface toany end devices.RIUCCSDS SOIS SUBNET WG Meeting – 10/2016OBCSlide: 20/28
National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNotional Fault Tolerance ApproachVoting could be integrated into the processof reading sensors/RIUs (i.e. single sourcedata requiring interactive consistency).Sensors connectedto co-located RIU.Voting over 3x redundant channelscould mask asymmetric TX by theRIU and be realized with COTSSBCs and TTE space ASICs.RIUHappening Inside FC 1-3SoftwareSW1ApplicationVote (channels)TTE DriverASIC CPUSW2Local buses(ARINC 429, RS422)SW3Majority voting onredundant messages.Two-round messageexchange occurstransparently.Vote (channels)Channel 2Voting could occur inthe NIC hardware orthe driver software.HardwareChannel 3FC1FC2FC3Channel 1Andrew Loveless (NASA JSC/EV2)CCSDS SOIS SUBNET WG Meeting – 10/2016Slide: 21/28
National Aeronautics andSpace AdministrationNational Aeronautics andSpace AdministrationNotional Fault Tolerance ApproachVoting of FC commands could be performedat the RIU. The final vote is performed betweenprocessors’ opinions, not redundant frames.Only two redundant network planes are required forcommanding, provided that switches are high-integrity(i.e.
Chip-IP Versions: Phoenix (Gen 2), Pegasus (Gen 3) Platforms: Space Micro Proton-400K, Aitech SP0-100 Operating Systems: RT-Linux and VxWorks RTOS Developed scripts to automate scheduling and deployment. Built tools for network loading, visualization, and analysis.
