35 research outputs found
Scheduling Rate Constrained traffic in End Systems of Time-Aware Networks
Get PDFNowadays, most of cyber-physical systems in avionics, automotive or recent Industry 4.0 domains require networked
communication for mixed-critical applications. Ethernet-based networks such as AFDX, TTEthernet or TSN are capable to support transmission of both safety-critical and non-critical flows.
This paper focuses on the TTEthernet network compliant with
the avionics ARINC 664-P7 standard supporting time-triggered
communication (TT) together with rate-constrained (RC) and
best-effort (BE) traffic. Due to a global synchronization, TTcommunication with low latency and minimal jitter is ensured with static schedules computed offline. For event-triggered RC flows, bounded jitter at the source and end-to-end latency are guaranteed with worst-case analysis methods. With the increasing demands of applications, flows with Quality of Service (QoS) requirements such as video or audio may be transmitted as BE flows. However, on current configurations, no guarantees are offered to BE flows. In this paper, we aim at increasing the maximum RC utilization and improving the QoS of BE flows to allow the transmission of video or audio traffic with low jitter and end-to-end delay requirements. For this, we focus on the scheduling mechanisms and propose a scheduling approach based on a static slotted table that is applied at end systems. This table integrates the TT schedules usually obtained with Satisfiability Modulo Theories (SMT) approaches and establishes offsets of RC flows that reduce the end-to-end delay of BE flows. Several strategies for offset computations are proposed based on the distribution of flows locally at end system or globally at switch.
We show that local strategies perform better than the global ones to reduce end-to-end delay of BE flows
Worst-case delay analysis of real-time switched Ethernet networks with flow local synchronization
Get PDFLes rĂ©seaux Ethernet commutĂ© full-duplex constituent des solutions intĂ©ressantes pour des applications industrielles. Mais le non-dĂ©terminisme dâun commutateur IEEE 802.1d, fait que lâanalyse pire cas de dĂ©lai de flux critiques est encore un problĂšme ouvert. Plusieurs mĂ©thodes ont Ă©tĂ© proposĂ©es pour obtenir des bornes supĂ©rieures des dĂ©lais de communication sur des rĂ©seaux Ethernet commutĂ© full duplex temps rĂ©els, faisant lâhypothĂšse que le trafic en entrĂ©e du rĂ©seau peut ĂȘtre bornĂ©. Le problĂšme principal reste le pessimisme introduit par la mĂ©thode de calcul de cette borne supĂ©rieure du dĂ©lai. Ces mĂ©thodes considĂšrent que tous les flux transmis sur le rĂ©seau sont indĂ©pendants. Ce qui est vrai pour les flux Ă©mis par des nĆuds sources diffĂ©rents car il nâexiste pas, dans le cas gĂ©nĂ©ral, dâhorloge globale permettant de synchroniser les flux. Mais pour les flux Ă©mis par un mĂȘme nĆud source, il est possible de faire lâhypothĂšse dâune synchronisation locale de ces flux. Une telle hypothĂšse permet de bĂątir un modĂšle plus prĂ©cis des flux et en consĂ©quence Ă©limine des scĂ©narios impossibles qui augmentent le pessimisme du calcul. Le sujet principal de cette thĂšse est dâĂ©tudier comment des flux pĂ©riodiques synchronisĂ©s par des offsets peuvent ĂȘtre gĂ©rĂ©s dans le calcul des bornes supĂ©rieures des dĂ©lais sur un rĂ©seau Ethernet commutĂ© temps-rĂ©el. Dans un premier temps, il sâagit de prĂ©senter lâimpact des contraintes dâoffsets sur le calcul des bornes supĂ©rieures des dĂ©lais de bout en bout. Il sâagit ensuite de prĂ©senter comment intĂ©grer ces contraintes dâoffsets dans les approches de calcul basĂ©es sur le Network Calculus et la mĂ©thode des Trajectoires. Une mĂ©thode Calcul RĂ©seau modifiĂ©e et une mĂ©thode Trajectoires modifiĂ©e sont alors dĂ©veloppĂ©es et les performances obtenues sont comparĂ©es. Le rĂ©seau avionique AFDX (Avionics Full-Duplex Switched Ethernet) est pris comme exemple dâun rĂ©seau Ethernet commutĂ© full-duplex. Une configuration AFDX industrielle avec un millier de flux est prĂ©sentĂ©e. Cette configuration industrielle est alors Ă©valuĂ©e Ă lâaide des deux approches, selon un choix dâallocation dâoffsets donnĂ©. De plus, diffĂ©rents algorithmes dâallocation des offsets sont testĂ©s sur cette configuration industrielle, pour trouver un algorithme dâallocation quasi-optimal. Une analyse de pessimisme des bornes supĂ©rieures calculĂ©es est alors proposĂ©e. Cette analyse est basĂ©e sur lâapproche des trajectoires (rendue optimiste) qui permet de calculer une sous-approximation du dĂ©lai pire-cas. La diffĂ©rence entre la borne supĂ©rieure du dĂ©lai (calculĂ©e par une mĂ©thode donnĂ©e) et la sous-approximation du dĂ©lai pire cas donne une borne supĂ©rieure du pessimisme de la mĂ©thode. Cette analyse fournit des rĂ©sultats intĂ©ressants sur le pessimisme des approches Calcul RĂ©seau et mĂ©thode des Trajectoires. La derniĂšre partie de la thĂšse porte sur une architecture de rĂ©seau temps rĂ©el hĂ©tĂ©rogĂšne obtenue par connexion de rĂ©seaux CAN via des ponts sur un rĂ©seau fĂ©dĂ©rateur de type Ethernet commutĂ©. Deux approches, une basĂ©e sur les composants et lâautre sur les Trajectoires sont proposĂ©es pour permettre une analyse des dĂ©lais pire-cas sur un tel rĂ©seau. La capacitĂ© de calcul dâune borne supĂ©rieure des dĂ©lais pire-cas dans le contexte dâune architecture hĂ©tĂ©rogĂšne est intĂ©ressante pour les domaines industriels. ABSTRACT : Full-duplex switched Ethernet is a promising candidate for interconnecting real-time industrial applications. But due to IEEE 802.1d indeterminism, the worst-case delay analysis of critical flows supported by such a network is still an open problem. Several methods have been proposed for upper-bounding communication delays on a real-time switched Ethernet network, assuming that the incoming traffic can be upper bounded. The main problem remaining is to assess the tightness, i.e. the pessimism, of the method calculating this upper bound on the communication delay. These methods consider that all flows transmitted over the network are independent. This is true for flows emitted by different source nodes since, in general, there is no global clock synchronizing them. But the flows emitted by the same source node are local synchronized. Such an assumption helps to build a more precise flow model that eliminates some impossible communication scenarios which lead to a pessimistic delay upper bounds. The core of this thesis is to study how local periodic flows synchronized with offsets can be handled when computing delay upper-bounds on a real-time switched Ethernet. In a first step, the impact of these offsets on the delay upper-bound computation is illustrated. Then, the integration of offsets in the Network Calculus and the Trajectory approaches is introduced. Therefore, a modified Network Calculus approach and a modified Trajectory approach are developed whose performances are compared on an Avionics Full-DupleX switched Ethernet (AFDX) industrial configuration with one thousand of flows. It has been shown that, in the context of this AFDX configuration, the Trajectory approach leads to slightly tighter end-to-end delay upper bounds than the ones of the Network Calculus approach. But offsets of local flows have to be chosen. Different offset assignment algorithms are then investigated on the AFDX industrial configuration. A near-optimal assignment can be exhibited. Next, a pessimism analysis of the computed upper-bounds is proposed. This analysis is based on the Trajectory approach (made optimistic) which computes an under-estimation of the worst-case delay. The difference between the upper-bound (computed by a given method) and the under-estimation of the worst-case delay gives an upper-bound of the pessimism of the method. This analysis gives interesting comparison results on the Network Calculus and the Trajectory approaches pessimism. The last part of the thesis, deals with a real-time heterogeneous network architecture where CAN buses are interconnected through a switched Ethernet backbone using dedicated bridges. Two approaches, the component-based approach and the Trajectory approach, are developed to conduct a worst-case delay analysis for such a network. Clearly, the ability to compute end-to-end delays upper-bounds in the context of heterogeneous network architecture is promising for industrial domains
Analyse pire cas exact du réseau AFDX
Get PDFL'objectif principal de cette thĂšse est de proposer les mĂ©thodes permettant d'obtenir le dĂ©lai de transmission de bout en bout pire cas exact d'un rĂ©seau AFDX. Actuellement, seules des bornes supĂ©rieures pessimistes peuvent ĂȘtre calculĂ©es en utilisant les approches de type Calcul RĂ©seau ou par Trajectoires. Pour cet objectif, diffĂ©rentes approches et outils existent et ont Ă©tĂ© analysĂ©es dans le contexte de cette thĂšse. Cette analyse a mis en Ă©vidence le besoin de nouvelles approches. Dans un premier temps, la vĂ©rification de modĂšle a Ă©tĂ© explorĂ©e. Les automates temporisĂ©s et les outils de verification ayant fait leur preuve dans le domaine temps rĂ©el ont Ă©tĂ© utilisĂ©s. Ensuite, une technique de simulation exhaustive a Ă©tĂ© utilisĂ©e pour obtenir les dĂ©lais de communication pire cas exacts. Pour ce faire, des mĂ©thodes de rĂ©duction de sĂ©quences ont Ă©tĂ© dĂ©finies et un outil a Ă©tĂ© dĂ©veloppĂ©. Ces mĂ©thodes ont Ă©tĂ© appliquĂ©es Ă une configuration rĂ©elle du rĂ©seau AFDX, nous permettant ainsi de valider notre travail sur une configuration de taille industrielle du rĂ©seau AFDX telle que celle embarquĂ©e Ă bord des avions Airbus A380. The main objective of this thesis is to provide methodologies for finding exact worst case end to end communication delays of AFDX network. Presently, only pessimistic upper bounds of these delays can be calculated by using Network Calculus and Trajectory approach. To achieve this goal, different existing tools and approaches have been analyzed in the context of this thesis. Based on this analysis, it is deemed necessary to develop new approaches and algorithms. First, Model checking with existing well established real time model checking tools are explored, using timed automata. Then, exhaustive simulation technique is used with newly developed algorithms and their software implementation in order to find exact worst case communication delays of AFDX network. All this research work has been applied on real life implementation of AFDX network, allowing us to validate our research work on industrial scale configuration of AFDX network such as used on Airbus A380 aircraft. ABSTRACT : The main objective of this thesis is to provide methodologies for finding exact worst case end to end communication delays of AFDX network. Presently, only pessimistic upper bounds of these delays can be calculated by using Network Calculus and Trajectory approach. To achieve this goal, different existing tools and approaches have been analyzed in the context of this thesis. Based on this analysis, it is deemed necessary to develop new approaches and algorithms. First, Model checking with existing well established real time model checking tools are explored, using timed automata. Then, exhaustive simulation technique is used with newly developed algorithms and their software implementation in order to find exact worst case communication delays of AFDX network. All this research work has been applied on real life implementation of AFDX network, allowing us to validate our research work on industrial scale configuration of AFDX network such as used on Airbus A380 aircraft
Trends in avionics switched Ethernet networks
Get PDFThe AFDX (Avionics Full DupleX switched Ethernet) which has been standardized as ARINC 664 is based on Ethernet Technology
Exact worst-case communication delay analysis of AFDX network
Get PDFThe main objective of this thesis is to provide methodologies for finding exact worst case end to end communication delays of AFDX network. Presently, only pessimistic upper bounds of these delays can be calculated by using Network Calculus and Trajectory approach. To achieve this goal, different existing tools and approaches have been analyzed in the context of this thesis. Based on this analysis, it is deemed necessary to develop new approaches and algorithms. First, Model checking with existing well established real time model checking tools are explored, using timed automata. Then, exhaustive simulation technique is used with newly developed algorithms and their software implementation in order to find exact worst case communication delays of AFDX network. All this research work has been applied on real life implementation of AFDX network, allowing us to validate our research work on industrial scale configuration of AFDX network such as used on Airbus A380 aircraft
Determinism Enhancement and Reliability Assessment in Safety Critical AFDX Networks
Get PDFRĂSUMĂ AFDX est une technologie basĂ©e sur Ethernet, qui a Ă©tĂ© dĂ©veloppĂ©e pour rĂ©pondre aux dĂ©fis qui dĂ©coulent du nombre croissant dâapplications qui transmettent des donnĂ©es de criticitĂ© variable dans les systĂšmes modernes dâavionique modulaire intĂ©grĂ©e (Integrated Modular
Avionics). Cette technologie de sĂ©curitĂ© critique a Ă©tĂ© notamment normalisĂ©e dans la partie 7 de la norme ARINC 664, dont le but est de dĂ©finir un rĂ©seau dĂ©terministe fournissant des garanties de performance prĂ©visibles. En particulier, AFDX est composĂ© de deux rĂ©seaux redondants, qui fournissent la haute fiabilitĂ© requise pour assurer son dĂ©terminisme. Le dĂ©terminisme de AFDX est principalement rĂ©alisĂ© par le concept de liens virtuels (Virtual Links), qui dĂ©finit une connexion unidirectionnelle logique entre les points terminaux (End Systems). Pour les liens virtuels, les limites supĂ©rieures des dĂ©lais de bout en bout peuvent ĂȘtre obtenues en utilisant des approches comme calcul rĂ©seau, mieux connu sous lâappellation Network Calculus. Cependant, il a Ă©tĂ© prouvĂ© que ces limites supĂ©rieures sont pessimistes dans de nombreux cas, ce qui peut conduire Ă une utilisation inefficace des ressources et augmenter la complexitĂ© de la conception du rĂ©seau. En outre, en raison de lâasynchronisme de leur fonctionnement, il existe plusieurs sources de non-dĂ©terminisme dans les rĂ©seaux AFDX. Ceci introduit un problĂšme en lien avec la dĂ©tection des dĂ©fauts en temps rĂ©el. En outre, mĂȘme si un mĂ©canisme de gestion de la redondance est utilisĂ© pour amĂ©liorer la fiabilitĂ© des rĂ©seaux AFDX, il y a un risque potentiel soulignĂ© dans la partie 7 de la norme ARINC 664. La situation citĂ©e peut causer une panne en dĂ©pit des transmissions redondantes dans certains cas particuliers. Par consĂ©quent, lâobjectif de cette thĂšse est dâamĂ©liorer la performance et la fiabilitĂ© des rĂ©seaux AFDX.
Tout dâabord, un mĂ©canisme fondĂ© sur lâinsertion de trames est proposĂ© pour renforcer le dĂ©terminisme de lâarrivĂ©e des trames au sein des rĂ©seaux AFDX. Parce que la charge du
rĂ©seau et la bande passante moyenne utilisĂ©e augmente due Ă lâinsertion de trames, une stratĂ©gie dâagrĂ©gation des Sub-Virtual Links est introduite et formulĂ©e comme un problĂšme
dâoptimisation multi-objectif. En outre, trois algorithmes ont Ă©tĂ© dĂ©veloppĂ©s pour rĂ©soudre le problĂšme dâoptimisation multi-objectif correspondant. Ensuite, une approche est introduite pour incorporer lâanalyse de la performance dans lâĂ©valuation de la fiabilitĂ© en considĂ©rant les violations des dĂ©lais comme des pannes.----------ABSTRACT AFDX is an Ethernet-based technology that has been developed to meet the challenges due to the growing number of data-intensive applications in modern Integrated Modular Avionics systems. This safety critical technology has been standardized in ARINC 664 Part 7, whose purpose is to define a deterministic network by providing predictable performance guarantees. In particular, AFDX is composed of two redundant networks, which provide the determinism
required to obtain the desired high reliability.
The determinism of AFDX is mainly achieved by the concept of Virtual Link, which defines a logical unidirectional connection from one source End System to one or more destination End Systems. For Virtual Links, the end-to-end delay upper bounds can be obtained by using the Network Calculus. However, it has been proved that such upper bounds are pessimistic in many cases, which may lead to an inefficient use of resources and aggravate network design
complexity. Besides, due to asynchronism, there exists a source of non-determinism in AFDX networks, namely frame arrival uncertainty in a destination End System. This issue introduces a problem in terms of real-time fault detection. Furthermore, although a redundancy management mechanism is employed to enhance the reliability of AFDX networks, there
still exist potential risks as pointed out in ARINC 664 Part 7, which may fail redundant transmissions in some special cases. Therefore, the purpose of this thesis is to improve the performance and the reliability of AFDX networks. First, a mechanism based on frame insertion is proposed to enhance the determinism of frame arrival within AFDX networks. As the network load and the average bandwidth used by a Virtual Link increase due to frame insertion, a Sub-Virtual Link aggregation strategy, formulated as a multi-objective optimization problem, is introduced. In addition, three algorithms have been developed to solve the corresponding multi-objective optimization problem. Next, an approach is introduced to incorporate performance analysis into reliability assessment
by considering delay violations as failures. This allowed deriving tighter probabilistic upper bounds for Virtual Links that could be applied in AFDX network certification. In order to conduct the necessary reliability analysis, the well-known Fault-Tree Analysis technique is employed and Stochastic Network Calculus is applied to compute the upper bounds with various probability limits
Analysis and optimiozation of heterogeneous avionics networks
Get PDFThe aim of my thesis is to provide a resources-efficient gateway to connect Input/Output (I/O) CAN buses to a backbone network based on AFDX technology, in modern avionics communication architectures. Currently, the Remote Data Concentrator (RDC) is the main standard for gateways in avionics; and the existing implementations do not integrate any resource management mechanism. To handle these limitations, we design an enhanced CAN-AFDX RDC integrating new functions: (i) Frame Packing (FP) allowing to reduce communication overheads with reference to the currently used "1 to 1" frame conversion strategy; (ii) Hierarchical Traffic Shaping (HTS) to reduce contention on the CAN bus. Furthermore, our proposed RDC allows the connection of multiple I/O CAN buses to AFDX while guaranteeing isolation between different criticality levels, using a software partitioning mechanism. To analyze the performance guarantees offered by our proposed RDC, we considered two metrics: the end-to-end latency and the induced AFDX bandwidth consumption. Furthermore, an optimization process was proposed to achieve an optimal configuration of our proposed RDC, i.e., minimizing the bandwidth utilization while meeting the real-time constraints of communication. Finally, the capacity of our proposed RDC to meet the emerging avionics requirements has been validated through a realistic avionics case study
Analyse et optimisation des réseaux avioniques hétérogÚnes
Get PDFLa complexitĂ© des architectures de communication avioniques ne cesse de croĂźtre avec lâaugmentation du nombre des terminaux interconnectĂ©s et lâexpansion de la quantitĂ© des donnĂ©es Ă©changĂ©es. Afin de rĂ©pondre aux besoins Ă©mergents en terme de bande passante, latence et modularitĂ©, lâarchitecture de communication avionique actuelle consiste Ă utiliser le rĂ©seau AFDX (Avionics Full DupleX Switched Ethernet) pour connecter les calculateurs et utiliser des bus dâentrĂ©e/sortie (par exemple le bus CAN (Controller Area Network)) pour connecter les capteurs et les actionneurs. Les rĂ©seaux ainsi formĂ©s sont connectĂ©s en utilisant des Ă©quipements dâinterconnexion spĂ©cifiques, appelĂ©s RDC (Remote Data Concentrators) et standardisĂ© sous la norme ARINC655. Les RDCs sont des passerelles de communication modulaires qui sont reparties dans lâavion afin de gĂ©rer lâhĂ©tĂ©rogĂ©nĂ©itĂ© entre le rĂ©seau cĆur AFDX et les bus dâentrĂ©e/sortie. Certes, les RDCs permettent dâamĂ©liorer la modularitĂ© du systĂšme avionique et de rĂ©duire le coĂ»t de sa maintenance; mais, ces Ă©quipements sont devenus un des dĂ©fis majeurs durant la conception de lâarchitecture avionique afin de garantir les performances requises du systĂšme. Les implĂ©mentations existantes du RDC effectuent souvent une translation direct des trames et nâimplĂ©mentent aucun mĂ©canisme de gestion de ressources. Or, une utilisation efficace des ressources est un besoin important dans le contexte avionique afin de faciliter lâĂ©volution du systĂšme et lâajout de nouvelles fonctions. Ainsi, lâobjectif de cette thĂšse est la conception et la validation dâun RDC optimisĂ© implĂ©mentant des mĂ©canismes de gestion des ressources afin dâamĂ©liorer les performances de lâarchitecture de communication avionique tout en respectant les contraintes temporelles du systĂšme. Afin dâatteindre cet objectif, un RDC pour les architectures rĂ©seaux de type CAN-AFDX est conçu, intĂ©grant les fonctions suivantes: (i) groupement des trames appliquĂ© aux flux montants, i.e., flux gĂ©nĂ©rĂ©s par les capteurs et destinĂ©s Ă lâAFDX, pour minimiser le coĂ»t des communication sur lâAFDX; (ii) la rĂ©gulation des flux descendants, i.e., flux gĂ©nĂ©rĂ©s par des terminaux AFDX et destinĂ©s aux actionneurs, pour rĂ©duire les contentions sur le bus CAN. Par ailleurs, notre RDC permet de connecter plusieurs bus CAN Ă la fois tout en garantissant une isolation entre les flux. Par la suite, afin dâanalyser lâimpact de ce nouveau RDC sur les performances du systĂšme avionique, nous procĂ©dons Ă la modĂ©lisation de lâarchitecture CAN-AFDX, et particuliĂšrement le RDC et ses nouvelles fonctions. Ensuite, nous introduisons une mĂ©thode dâanalyse temporelle pour calculer des bornes maximales sur les dĂ©lais de bout en bout et vĂ©rifier le respect des contraintes temps-rĂ©el. Plusieurs configurations du RDC peuvent rĂ©pondre aux exigences du systĂšme avionique tout en offrant des Ă©conomies de ressources. Nous procĂ©dons donc au paramĂ©trage du RDC afin de minimiser la consommation de bande passante sur lâAFDX tout en respectant les contraintes temporelles. Ce problĂšme dâoptimisation est considĂ©rĂ© comme NP-complet, et lâintroduction des heuristiques adĂ©quates sâest avĂ©rĂ©e nĂ©cessaire afin de trouver la meilleure configuration possible du RDC. Enfin, les performances de ce nouveau RDC sont validĂ©es Ă travers une architecture CAN-AFDX rĂ©aliste, avec plusieurs bus CAN et des centaines de flux Ă©changĂ©s. DiffĂ©rents niveaux dâutilisation des bus CAN ont Ă©tĂ© considĂ©rĂ©s et les rĂ©sultats obtenus ont montrĂ© lâefficacitĂ© de notre RDC Ă amĂ©liorer la gestion des ressources du systĂšme avionique tout en respectant les contraintes temporelles de communication. En particulier, notre RDC offre une rĂ©duction de la bande passante AFDX allant jusquâĂ 40% en comparaison avec le RDC actuellement utilisĂ©. ABSTRACT : The aim of my thesis is to provide a resources-efficient gateway to connect Input/Output (I/O) CAN buses to a backbone network based on AFDX technology, in modern avionics communication architectures. Currently, the Remote Data Concentrator (RDC) is the main standard for gateways in avionics; and the existing implementations do not integrate any resource management mechanism. To handle these limitations, we design an enhanced CAN-AFDX RDC integrating new functions: (i) Frame Packing (FP) allowing to reduce communication overheads with reference to the currently used "1 to 1" frame conversion strategy; (ii) Hierarchical Traffic Shaping (HTS) to reduce contention on the CAN bus. Furthermore, our proposed RDC allows the connection of multiple I/O CAN buses to AFDX while guaranteeing isolation between different criticality levels, using a software partitioning mechanism. To analyze the performance guarantees offered by our proposed RDC, we considered two metrics: the end-to-end latency and the induced AFDX bandwidth consumption. Furthermore, an optimization process was proposed to achieve an optimal configuration of our proposed RDC, i.e., minimizing the bandwidth utilization while meeting the real-time constraints of communication. Finally, the capacity of our proposed RDC to meet the emerging avionics requirements has been validated through a realistic avionics case study
Refinement of AADL models using early-stage analysis methods : An avionics example
Get PDFModel-Driven Engineering (MDE) is a relevant approach to support the engineering of distributed embedded systems with performance and dependability constraints. MDE involves models definitions and transformations to cover most of the system life-cycle: design, implementation and Verifi cation & Validation activities towards system quali fication. Still, few works evaluate the early integration of performance evaluation based on architectural models. In this report, we investigate the early-stage use of analysis in AADL modeling. Precisely, we exemplify on an avionics case study how to dimension the data flows for an application distributed over an AFDX network. Based on the insight from this study, we suggest a simple framework and associated techniques to e fficiently support analysis activities in the early-stage
design phases
