Mixed-Criticality on the AFDX Network: Challenges and Potential Solutions

In this paper, we first assess the most relevant existing solutions enabling mixed-criticality on the AFDX and select the most adequate one. Afterwards, the specification of an extended AFDX, based on the Burst-Limiting Shaper (BLS), is detailed to fulfill the main avionics requirements and challenges. Finally, the preliminary evaluation of such a proposal is conducted through simulations. Results show its ability to guarantee the highest criticality traffic constraints, while limiting its impact on the current AFDX traffic

Fairness in a data center

Existing data centers utilize several networking technologies in order to handle the performance requirements of different workloads. Maintaining diverse networking technologies increases complexity and is not cost effective. This results in the current trend to converge all traffic into a single networking fabric. Ethernet is both cost-effective and ubiquitous, and as such it has been chosen as the technology of choice for the converged fabric. However, traditional Ethernet does not satisfy the needs of all traffic workloads, for the most part, due to its lossy nature and, therefore, has to be enhanced to allow for full convergence. The resulting technology, Data Center Bridging (DCB), is a new set of standards defined by the IEEE to make Ethernet lossless even in the presence of congestion. As with any new networking technology, it is critical to analyze how the different protocols within DCB interact with each other as well as how each protocol interacts with existing technologies in other layers of the protocol stack. This dissertation presents two novel schemes that address critical issues in DCB networks: fairness with respect to packet lengths and fairness with respect to flow control and bandwidth utilization. The Deficit Round Robin with Adaptive Weight Control (DRR-AWC) algorithm actively monitors the incoming streams and adjusts the scheduling weights of the outbound port. The algorithm was implemented on a real DCB switch and shown to increase fairness for traffic consisting of mixed-length packets. Targeted Priority-based Flow Control (TPFC) provides a hop-by-hop flow control mechanism that restricts the flow of aggressor streams while allowing victim streams to continue unimpeded. Two variants of the targeting mechanism within TPFC are presented and their performance evaluated through simulation

Comparative Analysis of Scheduling Strategies for Heterogeneous Avionics Applications

A homogeneous avionic communication architecture to interconnect different avionics domains may bring significant advantages, such as easier installation and maintenance in addition to reduced weight and costs. This homogeneous communication architecture needs to support heterogeneous applications, where safety-critical and best effort traffic coexist. In this paper, we assess the pros and cons of the most relevant scheduling strategies supporting heterogeneous applications versus the main avionics requirements. Furthermore, we conduct a quantitative comparative analysis of the most promising solutions guaranteeing the main avionics requirements through a representative avionics case study. Results show that a recent shaper in Time Sensitive Networks is a promising solution in terms of performance and complexity

Scheduling Rate Constrained traffic in End Systems of Time-Aware Networks

Nowadays, most of cyber-physical systems in avionics, automotive or recent Industry 4.0 domains require networked communication for mixed-critical applications. Ethernet-based networks such as AFDX, TTEthernet or TSN are capable to support transmission of both safety-critical and non-critical flows. This paper focuses on the TTEthernet network compliant with the avionics ARINC 664-P7 standard supporting time-triggered communication (TT) together with rate-constrained (RC) and best-effort (BE) traffic. Due to a global synchronization, TTcommunication with low latency and minimal jitter is ensured with static schedules computed offline. For event-triggered RC flows, bounded jitter at the source and end-to-end latency are guaranteed with worst-case analysis methods. With the increasing demands of applications, flows with Quality of Service (QoS) requirements such as video or audio may be transmitted as BE flows. However, on current configurations, no guarantees are offered to BE flows. In this paper, we aim at increasing the maximum RC utilization and improving the QoS of BE flows to allow the transmission of video or audio traffic with low jitter and end-to-end delay requirements. For this, we focus on the scheduling mechanisms and propose a scheduling approach based on a static slotted table that is applied at end systems. This table integrates the TT schedules usually obtained with Satisfiability Modulo Theories (SMT) approaches and establishes offsets of RC flows that reduce the end-to-end delay of BE flows. Several strategies for offset computations are proposed based on the distribution of flows locally at end system or globally at switch. We show that local strategies perform better than the global ones to reduce end-to-end delay of BE flows

Determinism Enhancement and Reliability Assessment in Safety Critical AFDX Networks

RÉSUMÉ AFDX est une technologie basée sur Ethernet, qui a été développée pour répondre aux défis qui découlent du nombre croissant d’applications qui transmettent des données de criticité variable dans les systèmes modernes d’avionique modulaire intégrée (Integrated Modular Avionics). Cette technologie de sécurité critique a été notamment normalisée dans la partie 7 de la norme ARINC 664, dont le but est de définir un réseau déterministe fournissant des garanties de performance prévisibles. En particulier, AFDX est composé de deux réseaux redondants, qui fournissent la haute fiabilité requise pour assurer son déterminisme. Le déterminisme de AFDX est principalement réalisé par le concept de liens virtuels (Virtual Links), qui définit une connexion unidirectionnelle logique entre les points terminaux (End Systems). Pour les liens virtuels, les limites supérieures des délais de bout en bout peuvent être obtenues en utilisant des approches comme calcul réseau, mieux connu sous l’appellation Network Calculus. Cependant, il a été prouvé que ces limites supérieures sont pessimistes dans de nombreux cas, ce qui peut conduire à une utilisation inefficace des ressources et augmenter la complexité de la conception du réseau. En outre, en raison de l’asynchronisme de leur fonctionnement, il existe plusieurs sources de non-déterminisme dans les réseaux AFDX. Ceci introduit un problème en lien avec la détection des défauts en temps réel. En outre, même si un mécanisme de gestion de la redondance est utilisé pour améliorer la fiabilité des réseaux AFDX, il y a un risque potentiel souligné dans la partie 7 de la norme ARINC 664. La situation citée peut causer une panne en dépit des transmissions redondantes dans certains cas particuliers. Par conséquent, l’objectif de cette thèse est d’améliorer la performance et la fiabilité des réseaux AFDX. Tout d’abord, un mécanisme fondé sur l’insertion de trames est proposé pour renforcer le déterminisme de l’arrivée des trames au sein des réseaux AFDX. Parce que la charge du réseau et la bande passante moyenne utilisée augmente due à l’insertion de trames, une stratégie d’agrégation des Sub-Virtual Links est introduite et formulée comme un problème d’optimisation multi-objectif. En outre, trois algorithmes ont été développés pour résoudre le problème d’optimisation multi-objectif correspondant. Ensuite, une approche est introduite pour incorporer l’analyse de la performance dans l’évaluation de la fiabilité en considérant les violations des délais comme des pannes.----------ABSTRACT AFDX is an Ethernet-based technology that has been developed to meet the challenges due to the growing number of data-intensive applications in modern Integrated Modular Avionics systems. This safety critical technology has been standardized in ARINC 664 Part 7, whose purpose is to define a deterministic network by providing predictable performance guarantees. In particular, AFDX is composed of two redundant networks, which provide the determinism required to obtain the desired high reliability. The determinism of AFDX is mainly achieved by the concept of Virtual Link, which defines a logical unidirectional connection from one source End System to one or more destination End Systems. For Virtual Links, the end-to-end delay upper bounds can be obtained by using the Network Calculus. However, it has been proved that such upper bounds are pessimistic in many cases, which may lead to an inefficient use of resources and aggravate network design complexity. Besides, due to asynchronism, there exists a source of non-determinism in AFDX networks, namely frame arrival uncertainty in a destination End System. This issue introduces a problem in terms of real-time fault detection. Furthermore, although a redundancy management mechanism is employed to enhance the reliability of AFDX networks, there still exist potential risks as pointed out in ARINC 664 Part 7, which may fail redundant transmissions in some special cases. Therefore, the purpose of this thesis is to improve the performance and the reliability of AFDX networks. First, a mechanism based on frame insertion is proposed to enhance the determinism of frame arrival within AFDX networks. As the network load and the average bandwidth used by a Virtual Link increase due to frame insertion, a Sub-Virtual Link aggregation strategy, formulated as a multi-objective optimization problem, is introduced. In addition, three algorithms have been developed to solve the corresponding multi-objective optimization problem. Next, an approach is introduced to incorporate performance analysis into reliability assessment by considering delay violations as failures. This allowed deriving tighter probabilistic upper bounds for Virtual Links that could be applied in AFDX network certification. In order to conduct the necessary reliability analysis, the well-known Fault-Tree Analysis technique is employed and Stochastic Network Calculus is applied to compute the upper bounds with various probability limits

Determining a tight worst-case delay of switched Ethernet network in IEC 61850 architectures

International audienceIEC 61850 has become the reference standard for Substation Automation Systems (SAS) in smart power grids. Switched Ethernet is used for machine to machine communication within SAS. In order to meet stringent real-time constraints, the IEC 61850 application layer protocols can be mapped into different IEEE802.1Q priorities according to their real-time constraints and application criticality. However, the delay evaluation to guarantee real-time requirements can be difficult to perform, especially for lower priority but still real-time constrained traffic. In fact, most existing end-to-end worst-case delay analyses provide upper-bounds, leading to some pessimism and consequently network resource over-provision. In this paper, we present a new method for determining a tight worst-case delay. This method is based on the study of flow characteristics from a given network path. As a flow is interfered by other concurrent flows on its path, their relative offsets with the considered flow greatly impact on its delay. Studying all combinations to find the actual worst-case delay results in high complexity. We show that this complexity can be reduced by only analysing local worst-case delay at each switch in stead of the whole path where the change at each switch would need re-analysing the already analysed switches. An algorithm is also proposed to perform the analysis. An illustrating example shows that our method can reduce the pessimism as it provides the tight worst-case delay instead of the upper-bound of the worst-case delay

Multilevel Parallel Communications

The research reported in this thesis investigates the use of parallelism at multiple levels to realize high-speed networks that offer advantages in throughput, cost, reliability, and flexibility over alternative approaches. This research specifically considers use of parallelism at two levels: the upper level and the lower level. At the upper level, N protocol processors perform functions included in the transport and network layers. At the lower level, M channels provide data and physical layer functions. The resulting system provides very high bandwidth to an application. A key concept of this research is the use of replicated channels to provide a single, high bandwidth channel to a single application. The parallelism provided by the network is transparent to communicating applications, thus differentiating this strategy from schemes that provide a collection of disjoint channels between applications on different nodes. Another innovative aspect of this research is that parallelism is exploited at multiple layers of the network to provide high throughput not only at the physical layer, but also at upper protocol layers. Schedulers are used to distribute data from a single stream to multiple channels and to merge data from multiple channels to reconstruct a single coherent stream. High throughput is possible by providing the combined bandwidth of multiple channels to a single source and destination through use of parallelism at multiple protocol layers. This strategy is cost effective since systems can be built using standard technologies that benefit from the economies of a broad applications base. The exotic and revolutionary components needed in non-parallel approaches to build high speed networks are not required. The replicated channels can be used to achieve high reliability as well. Multilevel parallelism is flexible since the degree of parallelism provided at any level can be matched to protocol processing demands and application requirements