Networking in Safety-Critical Environments


Overview Page

Figure 1: PikeOS architecture with mixed critiality partitions

The requirements to networking within Safety-critical environments are manifold and strongly depending on the particular use case. This is why PikeOS supports different network technologies and system architectures.

The first solution is very close to the configuration that has been discussed already here: Basic Networking.

However, instead of the lightweight IP (lwIP) stack, SYSGO's certifiable IP (CIP) software is being used. That is because even though lwIP is called "lightweight", it is still too huge in terms of code size to be certified in a real-world project.

CIP is a UDP/IP networking stack compatible with the standard RFC specifications. It is implemented as a PikeOS file provider with POSIX and PikeOS APIs. A standard socket interface is available to applications running under PikeOS, using the POSIX or PikeOS (native) guest operating systems. Figure 1 displays a scenario that truly demonstrates a mixed criticality setup. 

Black Channel Communication

Figure 2: PikeOS architecture with black channel communication

The black-channel communication principle allows the usage of an potentially unsafe communication medium as long as the endpoints can ensure the validity of the transferred data by means of an application-specific Safety protocol. In case the validity of the data is not given or the expected data does not arrive in a determined time frame, the system will enter a safe state. Typical use cases can be found in the Industrial (hyperautomation, which refers to the combination of machine vision, robotics, communication, and learning) and Railway markets.

Figure 2 displays a setup where a non-critical Linux application provides a complete TCP/IP stack that is being used as part of the black channel medium. For communication purposes in Railway projects, SYSGO offers the ready to use product SAFe-VX which is based on a 1002d two-channel architecture with a voter. The communication uses the black channel principle.

For more information, go to the SAFe-VX Product Page



Standard-Ethernet has been designed for high performance and maximum bandwidth in general purpose computer networks. However, it does not meet the needs in terms of determinism and redundancy for critical Safety environment such as in airplanes. Therefore, Aeronautical Radio (ARINC) has issued the ARINC 664 standard which describes a real-time data network based on Ethernet hardware. An ARINC 664 data network consists of redundant Ethernet cabling, switches and endpoints. Typical implementations utilize hardware FPGAs in order to process the data. On the contrary, SYSGO's solution is based on a software stack for ARINC 664 endpoints. It can be used on standard COTS hardware and is fully compliant to Airbus AFDX® networks.

For more information and benefits, please refer to the AFDX® compliant Software Stack

AFDX® is a registered trademark of Airbus.


Need more Information?

Tell us about your project and your needs.

Contact us