Safety-Critical Ethernet is the first completely genuine software implementation of ARINC 664 Part 7, a real-time Ethernet stack used in civil and military aerospace programs. The hardware independence of Safety-Critical Ethernet makes it flexible, adaptable, scalable and affordable.
"Avionic Full-Duplex Switched Ethernet" (ARINC 664 Part 7) is a deterministic aircraft data network bus system for public Avionic transportation, Railway and military systems. The network is based on standard IEEE802.3 Ethernet technology.
The benefit of using commercial off-the shelf (COTS) Ethernet components is to lower overall costs for the aircraft network. Hardware components, cables and test equipment for Ethernet are field proven and much more affordable than the previously used avionic specific solutions. Ethernet itself won't meet avionic network requirements. Therefore, ARINC 664 Part 7 extends the Ethernet standard by adding Quality of Service (QoS) and deterministic behavior with a guaranteed dedicated bandwidth. This avionic data network was first used in the Airbus A380 and A400M. Airbus and Boeing will extend the usage of ARINC 664 Part 7 in future developments.
Software vs. Hardware Solution
Companies involved in the ARINC-664 Part 7 specification design are all hardware development driven. These companies naturally chose to develop dedicated, custom hardware solutions using ASICs for AFDX®. But hardware solutions suffer for many reasons:
- Hardware obsolescence
- Design failures require new chip design
- More expensive than COTS hardware
- Not easily adaptable to special customer requirements
Safety-Critical Ethernet/AFDX solution from SYSGO is strictly software based and runs on COTS hardware. The advantages of a software solution are quite obvious:
- Future proof — Code can be adapted to any future requirement.
- Hazard free — Implementation issues can easily be detected and fixed.
- Flexible — Safety-Critical Ethernet Node can be dynamically configured from the host system.
- Affordable — COTS hardware is less expensive and the reusability of the software solution makes it even more affordable.
[Please note: AFDX® is an Airbus' registered trademark]
Besides portability, built-in BITE and MIB and available DO-178B certification artifacts, a minimized workload for a subsystem communicating through ARINC-664 Part 7 is another major advantage of the Safety-Critical Ethernet/AFDX solution.
Host Driver is layered for easy Porting
High throughput and small footprint combined with easy portability was the design aim of the host driver. The result is a three layer architecture where only the very small Glue Layer has to be adapted when porting to another OS. The host driver API offers all functionality to easily configure the AFDX® Node. The BITE API is also incorporated in the driver API (see details at right). PikeOS drivers as well as LynxOS-178 and Linux drivers are available.
ICMP and SNMP reside on the Safety-critical Ethernet Node
Because ICMP and SNMP both reside on the AFDX® Node, the host OS dependency is minimized. Having both services on the AFDX® Node also leaves more computing time for the host.
Integrity Management & Redundancy Management
Integrity Management and Redundancy Management are basic components of the AFDX® Node. The Safety-Critical Ethernet/AFDX from SYSGO includes a comprehensive implementation of these components, guaranteeing impressive performance.
All artifacts required to process a DO-178B certification are available. The currently available documents will cover a certification up to Level B.
Drivers available for PikeOS and LynxOS-178
Any other Safety-critical operating system can be easily adapted by SYSGO or the customer.
Configuration Service and MIB
The configuration service interprets the configuration information given by the host and takes all actions necessary to initialize the AFDX® Node as defined. The management information base is responsible for storing information about network packet errors to ease in-flight and in-shop maintenance.
Debugging and Tracing Possibilities
The AFDX® Node is also available as an instrumented version, incorporating a debug stub and tracing capability. This enables the use of standard software development environments (IDEs) as well as checking the timing behavior without requiring the use of costly hardware analyzers.
Reference implementations are available for different airborne proven PowerPC products, including PowerQUICC II, MPC5554 and QorIQ P2020.