AFDX TutorialSession One : AFDX background

IntroductionThis Session One is built around four main topics:General principle about "modern" communicationThe background of airborne data communicationAFDX standardAFDX and A380

Part 1 : Communication principlesThe key driver for the definition of the Network layering is the implementation of independance between application and communication means.Network drivercommunication serivesApplicationcommunication serivesApplicationObject Oriented paradigm

Usual communication layersOSIreferenceModelPhysical connectionDataLink/MACNetworkTransportSessionPresentationApplication servicesApplicationCommunication services

Part 2 : Aircraft communicationInternal Aircraft communicationExternal Aircraft communication : out of this tutorial scope

Historical surveyUntil recently, there was never a strong need for networking inside an aircraft.When digital technologies were introduced, the communication was limited to digital data link.The introduction of digital technologies was done in the "control of platform" area not in the "information" area.

Digital transmissionTwo kind of digital usage on-board:Processus Controlbased on sampling system techniques and data transmissiondata : the digital value of an analogical parameter (e.g. speed; heigth, attitude,....)transmission : no response is expectedInformation systemsbased of information exchangesinformation : a complex set of abtract values (e.g. digital map, flight plan, list of passenger duty free purchase, failure log book....)exchange : a response is generaly expected, at least to indicated that the information is received.This "complex set of abstract values" gives usually a huge amount of bytes.... This is one reason that calls for higher speed data link

Processus control requirementsAs the transmitted data are involved in processus control , the transmission must be done with a minimum bounded delay. The stability of the flight relies on this transmissionTime, integrity and availability are the key driver.

Some principles:no common shared resource (limited risk of common failure)one source, one ligne, several receiversthe transmitter does not need to know who receives datano time synchronisation between transmitter and receivercommon shared time is a kind of common resource

Aeronautical response : ARINC 429 Digital Information Transfer System

ARINC 429 reminderEach line has only one source and is connected to every equipment that need the data transmitted by the sourceEach data in individually identified (by a label) and sentPhysical connectionDataLink/MACNetworkTransportSessionPresentationApplication

Information System requirementIn Information system, the major requirement is to insure that the information is transmitted without any error.Some principles:the information should be acknowledgeddelay is not critical and messages can be sent again in case of errorThe former aircraft generation still used A429 but added acknowledged data block Physical connectionDataLink/MACNetworkTransport

Avionics market evolutionThe evolution of the avionics market is exposed to a great pressure for reducing cost.In the same time, mature concepts arised: Electronics Modularity Operating System Decision to re-use and share common resource

AFDX : a real challengeThe key driver for AFDX design choices must answer to lot of contradictory objectives:To transmit data under strong time constraintTo guarantee information exchange according to client/server modelTo reduce cost by using/reusing commercial component (COTS: commercial off-the-shelf) under certification constraint

Technological choicesCommunication technologies from desktop computing market->Best candidate : Ethernet for Physical layer Internet for upper protocol layer

Communication technologies from multimedia telecom market->Best candidate : ATM (backbone telecom and ADSL) and cell switching

Final choiceKey drivers:Heavy aeronautical background:time constraintsafetyArrival of Switched Ethernet (from ATM concept)Low cost, market size of desktop computing versus small telco market

.... and the winner is...

Switched full duplex Ethernet with some specific deviations to cope with real time/certification constraints

AFDX : Avionics Full DupleX switched Ethernet

Part 3 : AFDX standardThe standardisation bodyAFDX is undertaken by the civil aviation usual standardisation body: ARINC/AEEC ADN working group ARINC : Aeronautical Radio Inc. funded by airlines, in charge of the definiton of Aeronautical standards that ensure interchangeability and interoperability. AEEC : Airlines Electronic Engineering Committee ADN : Aircraft Data Network working groupThe standardAFDX is described as ARINC specification 664 part 7The ARINC 664 covers in general, the usage of Ethernet as an airborne communication system, extended to the confidentiality issues and future IPv6 extensions.

Key features of AFDXAFDX is the common communication system used for modular avionics architecture.It is compliant with the following design key features:It is based on Open Standardas required by cost and commercial standard reuse objectiveIt provides "Resource Sharing" as required by modularity, reuse, and cost objectiveIt provides "Robust Partitioning" as required by resource sharing and safety, certification constraintsIt provides "Determinism" and "Availability" as required by safety, certification constraints

The AFDX key features are mainly concentrated on the Data Link layer.

AFDX : an Open StandardOSIreferenceModelIETF InternetstdIPTCP/UDPSNMPIEEEstdIEEE 802.3"Ethernet"TFTPPhysical connectionDataLink/MACNetworkTransportSessionPresentationApplicationAFDX special features

AFDX : basic network architectureAFDX is based on the Ethernet switched network.It is built with:Switches, network devices in charge of data forwardingEnd System, network devices in charge of data transmission/reception ESSWmodular avionocsESmodularavionocsESLRUESRDCESSWSWSWmodularavionocsESSWSWmodularavionocsESLRUESRDCES

AFDX key feature : Resource SharingThe main resources shared by AFDX are the wiring and the attached network devicesIMA/IMEmoduleRDCIMA/IMEmoduleESIMA/IMEmoduleESLRUESRDCESSWSWSWESSWSWIMA/IMEmoduleESLRUESES

AFDX key feature : Virtual LinkThe robust partitioning for networking is applied on bandwidth allocated to "communication channel".The VL model is ARINC429 "single wire" and the ATM "Virtual Channel"one wire/channel for one data source, distributed to all who neededThe AFDX response is:one channel (named VL "Virtual Link") for one data source, distributed with multicast Ethernet address channels are merged together on one Ethernet data linkESESESESAFDX

Ethernet data link

Virtual LinkARINC 429

N/A

twisted pair copper wireSW

AFDX key feature : "Firewalling"Another feature related to robust partition and safety is the integrated "firewall" provided by the AFDX.This firewall is implemented by Access Control List (ACL) mechanism.SWESEthernet data link

Virtual LinkESESESTraffic filtering : Restricted access for only configured VLTraffic filtering : Restricted access for only configured VLTraffic filtering+ forwardingTraffic filtering

AFDX key feature : RedundancyIn response to the "Availability" requirement AFDX network is basicaly redundant.Each End-System has the capability to send twice each message toward to independant set of switches.network Bnetwork AESSWSWSWSWESESKey Feature : Redundancy Management=> each frames are sorted when received.Key Feature : Redundancy Management=> each frames are numbered when transmitted.

AFDX key feature : Latency management(1/3)The VL receive a "Bandwidth contract". This contract is expressed in terms of:Maximum Frame Size (MFS)Minimum time between two framesnamed Bandwidth Allocation Gap (BAG)Max contractual bandwidth[kbit/s] = MFS[bit]/BAG[ms]Single VL max bandwidth = c.a. 12Mb/sSource ApplicationEnd System traffic shapingBAGBAGdeterminism reason

AFDX key feature : Latency management(2/3)The robust partitioning relies on "Bandwidth contract" granted to each Virtual Link.The ES has Bandwidth Contract for each Virtual Link and must comply with this contractThe Switches know the term of the contract for each Virtual Link and monitor the traffic to check if contract is respected.SWESESESESKey feature : Traffic shapingthe traffic is generated according to bandwidth contractKey Feature : Traffic policingthe traffic is monitored according to bandwidth contract

AFDX key feature : Latency management (3/3)In AFDX context the determinism is defined as the control of maximum transmission delay through the network.The enabler of such control is precisely the bandwidth contract.Ethernet Switch provides better capability for determinism than usual Ethernet Hub because there is no collision and no transmission random retry.SWESEthernet data link

shared output message queue

Virtual LinkESESESKey feature : Bounded latency The knowledge of bandwidth contract allows to evaluated the worst case filling level of shared output queue and, hence to estimate the message delay

AFDX "counterpart" : Virtual LinkFit perfectly usual "non shared" aeronautical communication (ARINC429) like in "process control" where the bandwidth is continuously used.

Difficult to manage bi-directional communication like in modern "information system"Leads to create large number of VL even if the VL is not used continuously

AFDX "counterpart" : Latency managementThe latency computation is based on the worst case that can happens. This is a certification concern not a performance concern!!

As far as we can not state on the actual source traffic, the latency is systematically majored....This gives a certifiable network configuration that under-uses the true Ethernet capability

Part 4 : The AFDX and the A380Requested performanceAirbus requirements impose a strong constraint on time and "proof of determinism"Computation of UDP message, IP fragmentation, traffic shaping, redundancy generation, Ethernet frame building < 150sReception of continuous "back to back" Ethernet, traffic filtering, redundancy management, IP reassembly < 150sFrame forwarding, traffic policing, multicast management < 100sAFDX suppliersTwo AFDX suppliers:Rockwell-Collins : Switches and End SystemThales : End System

Open Standard benefitsThe use of "Open standard" such as Ethernet reduces the development cost in the following areas:Laboratory Instrumentation.... Ethernet standard tools are used, no need to develop specific toolsDesign and development.... the definition of the standard relies on existing data and expertiseHowever, this benefit should be mitigated because the use of equipment in an aircraft need to have trusted development that commercial components can not provideThe result is that the material itself is still developped specifically for aeronautical market (...with the cost associated to certification compliance...)