Using network calculus to optimize the AFDX network

This paper presents quantitative results we obtained when optimizing the setting of priorities of the AFDX traffic flows, with the objective to obtain tighter latency and queue-size deterministic bounds (those bounds are calculated by our Network Calculus tool). We first point out the fact that setting randomly the priorities gives worse bounds than using no priorities, and we then show experiments on the basis of classic optimization techniques such as a descent method and a tentative AlphaBetaassisted brute-force approach: both of them haven’t brought significantly better results. We finally present experiments based on genetic algorithms, and we show how driving these algorithms in an adequate way has allowed us to deliver a full range of priority configurations that bring tighter bounds and allow the network traffic designer to trade off average gains of 40% on all the latency bounds against focused improvement on the largest queue-size bound (up to a 30% reduction)

Determinism Enhancement and Reliability Assessment in Safety Critical AFDX Networks

RÉSUMÉ AFDX est une technologie basée sur Ethernet, qui a été développée pour répondre aux défis qui découlent du nombre croissant d’applications qui transmettent des données de criticité variable dans les systèmes modernes d’avionique modulaire intégrée (Integrated Modular Avionics). Cette technologie de sécurité critique a été notamment normalisée dans la partie 7 de la norme ARINC 664, dont le but est de définir un réseau déterministe fournissant des garanties de performance prévisibles. En particulier, AFDX est composé de deux réseaux redondants, qui fournissent la haute fiabilité requise pour assurer son déterminisme. Le déterminisme de AFDX est principalement réalisé par le concept de liens virtuels (Virtual Links), qui définit une connexion unidirectionnelle logique entre les points terminaux (End Systems). Pour les liens virtuels, les limites supérieures des délais de bout en bout peuvent être obtenues en utilisant des approches comme calcul réseau, mieux connu sous l’appellation Network Calculus. Cependant, il a été prouvé que ces limites supérieures sont pessimistes dans de nombreux cas, ce qui peut conduire à une utilisation inefficace des ressources et augmenter la complexité de la conception du réseau. En outre, en raison de l’asynchronisme de leur fonctionnement, il existe plusieurs sources de non-déterminisme dans les réseaux AFDX. Ceci introduit un problème en lien avec la détection des défauts en temps réel. En outre, même si un mécanisme de gestion de la redondance est utilisé pour améliorer la fiabilité des réseaux AFDX, il y a un risque potentiel souligné dans la partie 7 de la norme ARINC 664. La situation citée peut causer une panne en dépit des transmissions redondantes dans certains cas particuliers. Par conséquent, l’objectif de cette thèse est d’améliorer la performance et la fiabilité des réseaux AFDX. Tout d’abord, un mécanisme fondé sur l’insertion de trames est proposé pour renforcer le déterminisme de l’arrivée des trames au sein des réseaux AFDX. Parce que la charge du réseau et la bande passante moyenne utilisée augmente due à l’insertion de trames, une stratégie d’agrégation des Sub-Virtual Links est introduite et formulée comme un problème d’optimisation multi-objectif. En outre, trois algorithmes ont été développés pour résoudre le problème d’optimisation multi-objectif correspondant. Ensuite, une approche est introduite pour incorporer l’analyse de la performance dans l’évaluation de la fiabilité en considérant les violations des délais comme des pannes.----------ABSTRACT AFDX is an Ethernet-based technology that has been developed to meet the challenges due to the growing number of data-intensive applications in modern Integrated Modular Avionics systems. This safety critical technology has been standardized in ARINC 664 Part 7, whose purpose is to define a deterministic network by providing predictable performance guarantees. In particular, AFDX is composed of two redundant networks, which provide the determinism required to obtain the desired high reliability. The determinism of AFDX is mainly achieved by the concept of Virtual Link, which defines a logical unidirectional connection from one source End System to one or more destination End Systems. For Virtual Links, the end-to-end delay upper bounds can be obtained by using the Network Calculus. However, it has been proved that such upper bounds are pessimistic in many cases, which may lead to an inefficient use of resources and aggravate network design complexity. Besides, due to asynchronism, there exists a source of non-determinism in AFDX networks, namely frame arrival uncertainty in a destination End System. This issue introduces a problem in terms of real-time fault detection. Furthermore, although a redundancy management mechanism is employed to enhance the reliability of AFDX networks, there still exist potential risks as pointed out in ARINC 664 Part 7, which may fail redundant transmissions in some special cases. Therefore, the purpose of this thesis is to improve the performance and the reliability of AFDX networks. First, a mechanism based on frame insertion is proposed to enhance the determinism of frame arrival within AFDX networks. As the network load and the average bandwidth used by a Virtual Link increase due to frame insertion, a Sub-Virtual Link aggregation strategy, formulated as a multi-objective optimization problem, is introduced. In addition, three algorithms have been developed to solve the corresponding multi-objective optimization problem. Next, an approach is introduced to incorporate performance analysis into reliability assessment by considering delay violations as failures. This allowed deriving tighter probabilistic upper bounds for Virtual Links that could be applied in AFDX network certification. In order to conduct the necessary reliability analysis, the well-known Fault-Tree Analysis technique is employed and Stochastic Network Calculus is applied to compute the upper bounds with various probability limits

Improving Bandwidth Utilization With Deterministic Delivery Guarantees in AFDX through Traffic Phase-Shifting

The Avionic Full-Duplex Switched Ethernet (AFDX) is a data network certified for avionic operations. AFDX closely follows the IEEE 802.3 (Ethernet) standard for packet forwarding. On top of that, bandwidth enforcement using traffic shaping is performed to provide deterministic delivery guarantees. The design of an AFDX network, however, imposes that bandwidth enforcement is performed at a coarse granularity. This, together with the tight requirements on transmission jitter, determines a low utilization of the physical links. In this work, we propose traffic phase shifting (TPS) as a way to increase the granularity of bandwidth assignment to nodes of an AFDX network using logic time synchronization among traffic sources. Specifically, we leverage the periodic nature of real-time traffic and use phase-shifing to prevent link congestion. This in turns allows a more fine-grained bandwidth control via the AFDX protocol. We show that TPS leads to significant improvements in terms of per-link utilization without violating predictability.CNS-1219064CNS-1302563Ope

Refinement of AADL models using early-stage analysis methods : An avionics example

Model-Driven Engineering (MDE) is a relevant approach to support the engineering of distributed embedded systems with performance and dependability constraints. MDE involves models definitions and transformations to cover most of the system life-cycle: design, implementation and Verifi cation & Validation activities towards system quali fication. Still, few works evaluate the early integration of performance evaluation based on architectural models. In this report, we investigate the early-stage use of analysis in AADL modeling. Precisely, we exemplify on an avionics case study how to dimension the data flows for an application distributed over an AFDX network. Based on the insight from this study, we suggest a simple framework and associated techniques to e fficiently support analysis activities in the early-stage design phases

Analyse et optimisation des réseaux avioniques hétérogènes

La complexité des architectures de communication avioniques ne cesse de croître avec l’augmentation du nombre des terminaux interconnectés et l’expansion de la quantité des données échangées. Afin de répondre aux besoins émergents en terme de bande passante, latence et modularité, l’architecture de communication avionique actuelle consiste à utiliser le réseau AFDX (Avionics Full DupleX Switched Ethernet) pour connecter les calculateurs et utiliser des bus d’entrée/sortie (par exemple le bus CAN (Controller Area Network)) pour connecter les capteurs et les actionneurs. Les réseaux ainsi formés sont connectés en utilisant des équipements d’interconnexion spécifiques, appelés RDC (Remote Data Concentrators) et standardisé sous la norme ARINC655. Les RDCs sont des passerelles de communication modulaires qui sont reparties dans l’avion afin de gérer l’hétérogénéité entre le réseau cœur AFDX et les bus d’entrée/sortie. Certes, les RDCs permettent d’améliorer la modularité du système avionique et de réduire le coût de sa maintenance; mais, ces équipements sont devenus un des défis majeurs durant la conception de l’architecture avionique afin de garantir les performances requises du système. Les implémentations existantes du RDC effectuent souvent une translation direct des trames et n’implémentent aucun mécanisme de gestion de ressources. Or, une utilisation efficace des ressources est un besoin important dans le contexte avionique afin de faciliter l’évolution du système et l’ajout de nouvelles fonctions. Ainsi, l’objectif de cette thèse est la conception et la validation d’un RDC optimisé implémentant des mécanismes de gestion des ressources afin d’améliorer les performances de l’architecture de communication avionique tout en respectant les contraintes temporelles du système. Afin d’atteindre cet objectif, un RDC pour les architectures réseaux de type CAN-AFDX est conçu, intégrant les fonctions suivantes: (i) groupement des trames appliqué aux flux montants, i.e., flux générés par les capteurs et destinés à l’AFDX, pour minimiser le coût des communication sur l’AFDX; (ii) la régulation des flux descendants, i.e., flux générés par des terminaux AFDX et destinés aux actionneurs, pour réduire les contentions sur le bus CAN. Par ailleurs, notre RDC permet de connecter plusieurs bus CAN à la fois tout en garantissant une isolation entre les flux. Par la suite, afin d’analyser l’impact de ce nouveau RDC sur les performances du système avionique, nous procédons à la modélisation de l’architecture CAN-AFDX, et particulièrement le RDC et ses nouvelles fonctions. Ensuite, nous introduisons une méthode d’analyse temporelle pour calculer des bornes maximales sur les délais de bout en bout et vérifier le respect des contraintes temps-réel. Plusieurs configurations du RDC peuvent répondre aux exigences du système avionique tout en offrant des économies de ressources. Nous procédons donc au paramétrage du RDC afin de minimiser la consommation de bande passante sur l’AFDX tout en respectant les contraintes temporelles. Ce problème d’optimisation est considéré comme NP-complet, et l’introduction des heuristiques adéquates s’est avérée nécessaire afin de trouver la meilleure configuration possible du RDC. Enfin, les performances de ce nouveau RDC sont validées à travers une architecture CAN-AFDX réaliste, avec plusieurs bus CAN et des centaines de flux échangés. Différents niveaux d’utilisation des bus CAN ont été considérés et les résultats obtenus ont montré l’efficacité de notre RDC à améliorer la gestion des ressources du système avionique tout en respectant les contraintes temporelles de communication. En particulier, notre RDC offre une réduction de la bande passante AFDX allant jusqu’à 40% en comparaison avec le RDC actuellement utilisé. ABSTRACT : The aim of my thesis is to provide a resources-efficient gateway to connect Input/Output (I/O) CAN buses to a backbone network based on AFDX technology, in modern avionics communication architectures. Currently, the Remote Data Concentrator (RDC) is the main standard for gateways in avionics; and the existing implementations do not integrate any resource management mechanism. To handle these limitations, we design an enhanced CAN-AFDX RDC integrating new functions: (i) Frame Packing (FP) allowing to reduce communication overheads with reference to the currently used "1 to 1" frame conversion strategy; (ii) Hierarchical Traffic Shaping (HTS) to reduce contention on the CAN bus. Furthermore, our proposed RDC allows the connection of multiple I/O CAN buses to AFDX while guaranteeing isolation between different criticality levels, using a software partitioning mechanism. To analyze the performance guarantees offered by our proposed RDC, we considered two metrics: the end-to-end latency and the induced AFDX bandwidth consumption. Furthermore, an optimization process was proposed to achieve an optimal configuration of our proposed RDC, i.e., minimizing the bandwidth utilization while meeting the real-time constraints of communication. Finally, the capacity of our proposed RDC to meet the emerging avionics requirements has been validated through a realistic avionics case study

Analysis and optimiozation of heterogeneous avionics networks

The aim of my thesis is to provide a resources-efficient gateway to connect Input/Output (I/O) CAN buses to a backbone network based on AFDX technology, in modern avionics communication architectures. Currently, the Remote Data Concentrator (RDC) is the main standard for gateways in avionics; and the existing implementations do not integrate any resource management mechanism. To handle these limitations, we design an enhanced CAN-AFDX RDC integrating new functions: (i) Frame Packing (FP) allowing to reduce communication overheads with reference to the currently used "1 to 1" frame conversion strategy; (ii) Hierarchical Traffic Shaping (HTS) to reduce contention on the CAN bus. Furthermore, our proposed RDC allows the connection of multiple I/O CAN buses to AFDX while guaranteeing isolation between different criticality levels, using a software partitioning mechanism. To analyze the performance guarantees offered by our proposed RDC, we considered two metrics: the end-to-end latency and the induced AFDX bandwidth consumption. Furthermore, an optimization process was proposed to achieve an optimal configuration of our proposed RDC, i.e., minimizing the bandwidth utilization while meeting the real-time constraints of communication. Finally, the capacity of our proposed RDC to meet the emerging avionics requirements has been validated through a realistic avionics case study

Modelação e simulação de equipamentos de rede para Indústria 4.0

Currently, the industrial sector has increasingly opted for digital technologies in order to automate all its processes. This development comes from notions like Industry 4.0 that redefines the way these systems are designed. Structurally, all the components of these systems are connected in a complex network known as the Industrial Internet of Things. Certain requirements arise from this concept regarding industrial communication networks. Among them, the need to ensure real-time communications, as well as support for dynamic resource management, are extremely relevant. Several research lines pursued to develop network technologies capable of meeting such requirements. One of these protocols is the Hard Real-Time Ethernet Switch (HaRTES), an Ethernet switch with support for real-time communications and dynamic resource management, requirements imposed by Industry 4.0. The process of designing and implementing industrial networks can, however, be quite time consuming and costly. These aspects impose limitations on testing large networks, whose level of complexity is higher and requires the usage of more hardware. The utilization of network simulators stems from the necessity to overcome such restrictions and provide tools to facilitate the development of new protocols and evaluation of communications networks. In the scope of this dissertation a HaRTES switch model was developed in the OMNeT++ simulation environment. In order to demonstrate a solution that can be employed in industrial real-time networks, this dissertation presents the fundamental aspects of the implemented model as well as a set of experiments that compare it with an existing laboratory prototype, with the objective of validating its implementation.Atualmente o setor industrial tem vindo cada vez mais a optar por tecnologias digitais de forma a automatizar todos os seus processos. Este desenvolvimento surge de noções como Indústria 4.0, que redefine o modo de como estes sistemas são projetados. Estruturalmente, todos os componentes destes sistemas encontram-se conectados numa rede complexa conhecida como Internet Industrial das Coisas. Certos requisitos advêm deste conceito, no que toca às redes de comunicação industriais, entre os quais se destacam a necessidade de garantir comunicações tempo-real bem como suporte a uma gestão dinâmica dos recursos, os quais são de extrema importância. Várias linhas de investigação procuraram desenvolver tecnologias de rede capazes de satisfazer tais exigências. Uma destas soluções é o "Hard Real-Time Ethernet Switch" (HaRTES), um switch Ethernet com suporte a comunicações de tempo-real e gestão dinâmica de Qualidade-de-Serviço (QoS), requisitos impostos pela Indústria 4.0. O processo de projeto e implementação de redes industriais pode, no entanto, ser bastante moroso e dispendioso. Tais aspetos impõem limitações no teste de redes de largas dimensões, cujo nível de complexidade é mais elevado e requer o uso de mais hardware. Os simuladores de redes permitem atenuar o impacto de tais limitações, disponibilizando ferramentas que facilitam o desenvolvimento de novos protocolos e a avaliação de redes de comunicações. No âmbito desta dissertação desenvolveu-se um modelo do switch HaRTES no ambiente de simulação OMNeT++. Com um objetivo de demonstrar uma solução que possa ser utilizada em redes de tempo-real industriais, esta dissertação apresenta os aspetos fundamentais do modelo implementado bem como um conjunto de experiências que o comparam com um protótipo laboratorial já existente, no âmbito da sua validação.Mestrado em Engenharia Eletrónica e Telecomunicaçõe

Real-time performance analysis of a QoS based industrial embedded network

AFDX serves as a backbone network for transmission of critical avionic flows. This network is certified thanks to the WCTT analysis using Network Calculus (NC) approach. However, the pessimism introduced by NC approach often leads to an over-sized and eventually an underutilized network. The manufacturers envision to better use the available network resources by increasing occupancy rate of the AFDX network by allowing additional traffic from other critical and non-critical functions. Such harmonization of AFDX network with mixed criticality flows necessitates the use of QoS mechanism to satisfy the delay constraints in different classes of flow. In this thesis we study such QoS-aware network, in particular, based on DRR and WRR scheduling. We propose an optimal bandwidth distribution method that ensures the service required by critical flows while providing maximum service to other non-critical flows. We also propose an optimized NC approach to compute tight delay bounds. Our approach has led to computation of up to 40% tighter bounds, in an industrial AFDX configuration, as compared to the classical approach

Design and Architecture of a Hardware Platform to Support the Development of an Avionic Network Prototype

Résumé en français La récente évolution des architectures des systèmes avioniques a permis la création de réseaux avioniques modulaire embarqués (IMA) et l’augmentation du nombre de systèmes embarqués numériques dans chaque avion. Cette transition vers une nouvelle génération d’avions plus électriques permet une réduction du poids et de la consommation énergétique des aéronefs et aussi des couts de production et d’entretien. Pour atteindre une réduction du poids encore plus poussée et une amélioration de la bande passante des réseaux utilisés, des technologies innovatrices ont récemment été adoptées : ARINC 825 et AFDX qui permettent en fait une réduction du câblage nécessaire pour réaliser le réseau embarqué.Dans le cadre du projet AVIO 402, qui inclus plusieurs sujets de recherche qui concernent aussi les capteurs et leur interface avec le système IMA, une nouvelle architecture a été proposée pour la réalisation du réseau utilisé pour le système de contrôle de vol. Cette architecture est basée sur des bus ARINC 825 locaux, connectés entre eux en utilisant un réseau AFDX qui offre une meilleure bande passante ; les ponts entre les deux protocoles et les modules qui connectent les nœuds au réseau ont une structure générique pour supporter des protocoles différents et aussi plusieurs types des capteurs et actionneurs. Pour une évaluation des performances et une analyse des défis de son implémentation, la réalisation d’un prototype du réseau proposé est requise par le projet. Dans ce mémoire, le développement d’une plateforme matérielle pour soutenir la réalisation de ce prototype est traité et trois modules fondamentaux du prototype ont été conçus sous forme de "IP core" pour être subséquemment intégrés dans l’architecture du réseau qui sera implémenté en utilisant des FPGA. Les trois systèmes sont le contrôleur du bus CAN, utilisé comme base pour l’implémentation du protocole ARINC 825, le "End System" AFDX et le commutateur nécessaires pour la réalisation d’un réseau AFDX. Dans la première partie de ce mémoire, les objectifs visés sont présentés et une analyse des spécifications des protocoles considérés est fournie, cela permet d’identifier les fonctionnalités qui doivent être incluses dans chaque système et de déterminer si des solutions pour leur implémentation ont déjà été publiées et peuvent être réutilisées. Ensuite, le développement de chaque système est présenté et les choix de conception sont expliqués afin de montrer comment les fonctionnalités requises par les spécifications des deux protocoles peuvent être implémentées pour mieux répondre aux nécessités du projet AVIO 402.----------Abstract The objective of the present project is to design three modules for a hardware platform that will support the implementation of an avionic network prototype based on the FPGA technology. The considered network has been conceived to reduce cabling weight and to improve the available bandwidth, and it exploits the recently introduced ARINC 825 and AFDX protocols. In order to support the implementation of both these protocols, a CAN bus controller, an AFDX End System, and an AFDX Switch have been designed. After an extensive review of the existing literature about the two related avionic protocols, a study of the existing solutions for CAN and Ethernet protocols, on which they are based, has been done as well to identify what knowledge and technology could be reused. Because they are very similar, a flexible CAN controller has been implemented in hardware instead of an ARINC 825 one in order to support both these technologies and in order to reduce the IP core size. A combined HW/SW approach has been preferred for the AFDX End System architecture to leverage an existing UDP/IP protocol stack and the Ethernet layer included in the Linux kernel has been modified to create a portable and configurable implementation of AFDX. Since various problems have been encountered to reproduce an ARINC 653 compliant environment on the embedded system, the suggested design has been ported in a PC. Finally, an original solution for the implementation of the AFDX switch fabric has been finally presented; a space-division switching architecture has been chosen and tailored to meet the AFDX specification. Hardware parallelism is exploited to reduce the latency introduced on each frame by filtering them concurrently. Input buffers have been duplicated to separate high from low priority traffics, further reducing latency of critical frames and creating a redundancy that reduce the possibility of packet loss. Packet scheduling and double queuing guarantee that all critical frames are forwarded before low priority ones.Keywords: Avionic Full-Duplex Switched Ethernet, AFDX, ARINC 664, ARINC 825, CAN, Avionic Data Networks, Ethernet Switch, FPGA

Modeling of Avionics Systems using JGrafchart and TrueTime

The first part of the thesis aims to investigate the applicability of JGrafchart and its associated Model of Computation(MoC) for describing sequential control in aircraft primary power distribution systems. The motivation behind this is the need for better modeling tools and in particular support for separation between nominal control and fault handling. Also, as system complexity increases, better structuring capabilities are required. The application for this part of the thesis is a typical primary power distribution system in a medium-sized aircraft, and JGrafchart is used as substitute for Stateflow for the sequential parts of the controller. Simulations were run to determine whether JGrafchart is suitable for these types of systems, and if it provided any additional value compared to Stateflow. The second part focus around a different tool (TrueTime) to help assess the impact of embedded architecture on control performance. Today it is common for systems to be distributed over multi-tasking kernel nodes, which communicate on different networks. In these systems the nodes compete for the shared resources (The CPU and bandwidth) and the distribution of bandwidth is determined by the network protocol. Since the shared resources are limited in terms of bandwidth different kinds of delays arise, such as transmission delays and back-off times. The delays might lower the control performance significantly, which is why it is important to identify them early in the development process, preferably at the design stage. In the thesis, TrueTime is extended to support Avionics Full Duplex Switched Ehternet(AFDX) and applied to a typical aircraft electric power system