Verification of Time Sensitive Networking based Ethernet enabled automotive communication systems
Wasiq Zia
Senior Principal Software Engineer, Verification IP R&D Cadence Design Systems
IEEE-SA Ethernet & IP @ Automotive Technology Day
2nd November 2017
Automotive Network Connectivity Evolution
Past Now Future
Automotive Ethernet is the cable network that connects most in-vehicle components, like cameras, sensors, meters, infotainment, human interfaces, etc.
Easy access, debug, fast, high bandwidth
Disparate protocols, heavy network of jumbled wires, low bandwidth, difficult to debug
Image Source : Automotive Ethernet : An Overview, ixia Whitepaper
Characteristics of TSN based Automotive network
• Economic: reusable, maintainable
• Hard Real-time, Latency-critical
• QoS: Priority control, bandwidth guaranteed
• Security: Ensuring safety system
• Low Power: power saving, green energy
• Being comparatively new, more opportunity for verification and improvements in system
Min. Latency
Real-time
QoS
• Reduced worst-case delays
4 μs or less per hop @1 Gbps for short messages *
• Improved robustness
Alternative paths with “instant” switchover
Seamless redundancy using multiple streams
Multiple clock sources with “instant” switchover
• Scalability
Reduced management traffic for reservations and configuration
* Reference : IEEE 802 Time-Sensitive Networking: Extending
Beyond AVB by Michael D. Johas Teener, BRCM
The system and its layers…
Application
These blocks are typically the steering control, infotainment system, reverse parking assist and GPS system that provide the input to systems like AUTOSAR.
MiddleWare
Ensures compliance with the various safety standards and establishes the safeguards. Middleware is taken care of by Fault Simulators.
Link Layer
This layer contains all the different communication protocols used for automotive applications. AVB, TSN, TTE etc. are part of this layer. It helps in scheduling traffic depending on the compliance standards enforced by the upper layer, and acts as the intermediary between compliance and the physical layer.
Phy Layer
Link and Physical layer require robust functional verification to ensure that requirements are met.
Image Reference : Intra-Vehicle Networks: A Review
Shane Tuohy, Martin Glavin, Member, IEEE, Ciarán Hughes, Edward Jones, Member, IEEE,
Mohan Trivedi, Fellow, IEEE, and Liam Kilmartin, Member, IEEE,
IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS
Verification Challenges
• High compute power
• Long term reliability (~20 years)
• Extreme climates and temperature operation
• Higher bandwidth
• All this at low power
And the goal is to…
• Reduce accidents due to system failure
• No accidents due to hacks
• Zero component failures
• Zero human error related failures/accidents
Several protocols and still counting…
Professional Audio Products
Automotive Networking
Industrial Automation
Base
• 802.1AS PTP Profiles
• Preemption and Interspersing (802.1Qbu and 802.3br)
• Credit Based Shaping (802.1Qav)
• Time Aware Shaping (802.1Qbv)
• Stream Reservation (802.1Qat)
Advanced
• 802.1Qca : Redundancy using the best path algorithms
• 802.1CB : Multipath frame duplication and recovery
• 802.1Qch : Cyclic Queuing
• 802.1Qci : Per-Stream filtering
• MSRP protocol for bandwidth reservation
Scheduling and Timing Conundrum
[Figure: Transmitter and Receiver block stacks. Blocks shown: Application Level Frames (Video, Audio, Control Data); Scheduling; Transmission Selection; Mac Merge; Data Protection & Transmission; Stream establishment; Timestamping Unit; Ingress Filtering; Egress Filtering; Fragmentation; MAC and PHY Medium]
• No equivalent block for scheduling or transmission selection
• How to verify a block when Rx is agnostic to the behavior?
• How to verify timing corrections without bridges?
Timestamping
802.1AS
• Synchronize all the clocks throughout the network
• Controls the gate events for time aware shaper
• Ensures that preemption delays are honored
Image Source : http://www.luminex.be/improve-your-timekeeping-with-ptpv2
[Figure: GM Selection. Grand Master1 (Current GM); Grand Master2 (Better than GM1), ANNOUNCE “I am better”; two Slaves]
• Ensure that peer delay mechanism works
• Use Best GM clock algorithm
• Provide correction field estimation
• Handle discontinuities
• Use multi-port verification component to validate clock correction
Clock Synchronisation
MSRP
• Used to create a path through a network for rank-based, latency guaranteed bandwidth reservations within a network
• Supports the reservation of resources for streams, each destined for one or more Listeners, and each from a single source
• Two types of end stations supported by MSRP:
• Talker: Source of a stream
• Listener: Destination for a stream
• Stream Registration
• Talkers advertise one or more streams and specify the QoS requirements
• Bridges propagate those advertisements throughout the network
• Listener(s) request the stream
• Bridges forward Listener Ready toward Talker
Verification Challenges
• Packing of multiple talker attributes for different destination and streamid into a single MRPDU
• Checking and calculating the bandwidth reserved for a particular streamid by the end station
• Scheduling of streams and mapping to correct shaping queue
Scheduling
Credit Based Shaping
• Priority scheduling
• Ensure quality of service
Time Aware Shaper
• Scheduling done on the basis of gate control events which are time synchronized
• Uses gates with priority queues
• Non-responsive and Rx agnostic protocols
• How does Rx determine bandwidth has been honored?
• Was the correct queue gate allowed to transmit frame according to gate control list?
• Did the gate control list recycle properly?
• Was the timestamp generated in sync?
[Figure: Active Verification Component, Device Under Test and Passive Verification Component (monitor). Configuration (Bandwidth Allocation for CBS, Gate Control List for TAS): expected configuration done for both DUT and Monitor. DUT traffic feedback to monitor]
Evaluates the traffic according to priorities for bandwidth allocation
Runs shadow Gate Control for TAS and does back calculation for timing to evaluate if correct gate transmitted
x Does not work for Preempted packets conclusively
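The shadow gate control check described above, as an added example (not code from the original slides or from any Cadence product). It assumes a monitor that sees each frame's queue, transmit-start timestamp and length, a cycle time equal to the sum of the entry durations, and non-preempted frames only; the class, function and verdict names are hypothetical and the trace is constructed.

```python
from bisect import bisect_right

class ShadowGcl:
    """Monitor-side shadow of an 802.1Qbv gate control list (GCL)."""

    def __init__(self, base_time_ns, entries):
        # entries: [(gate_mask, duration_ns)]; bit q of gate_mask set = queue q open
        self.base = base_time_ns
        self.masks = [mask for mask, _ in entries]
        self.starts, t = [], 0           # start offset of each entry in the cycle
        for _, duration in entries:
            self.starts.append(t)
            t += duration
        self.cycle = t                   # assumption: cycle time = sum of durations

    def window_at(self, t_ns):
        """Return (gate_mask, absolute end time) of the entry active at t_ns."""
        off = (t_ns - self.base) % self.cycle        # the list recycles each cycle
        i = bisect_right(self.starts, off) - 1
        end_off = self.starts[i + 1] if i + 1 < len(self.starts) else self.cycle
        return self.masks[i], t_ns + end_off - off

    def check_frame(self, queue, tx_start_ns, frame_bytes, link_bps=10**9):
        """Back-calculate wire time from the timestamp and test the gate state."""
        # assumption: timestamp marks start of preamble; 8 bytes preamble + SFD
        tx_end = tx_start_ns + (frame_bytes + 8) * 8 * 10**9 // link_bps
        t = tx_start_ns
        while t < tx_end:
            mask, window_end = self.window_at(t)
            if not (mask >> queue) & 1:
                return "GATE_CLOSED" if t == tx_start_ns else "OVERRUN"
            t = window_end               # gate may stay open across entries
        return "OK"

def run_constructed_trace():
    """Constructed example: queue 7 open for 20 us, then queue 0 for 80 us."""
    gcl = ShadowGcl(1_000_000, [(0b1000_0000, 20_000), (0b0000_0001, 80_000)])
    observed = [                         # (queue, tx_start_ns, frame_bytes)
        (7, 1_000_000, 64),              # inside the queue 7 window
        (0, 1_005_000, 64),              # queue 0 gate closed at start
        (7, 1_019_800, 64),              # starts in window, ends after it closes
        (7, 1_300_010, 64),              # three cycles later: list has recycled
        (0, 1_320_000, 1500),            # long frame inside the queue 0 window
    ]
    return [gcl.check_frame(q, t, n) for q, t, n in observed]
```

The third frame is the case a start-time-only check misses: the gate was open when transmission began but closed before the last bit left the wire.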
Transmission Selection
Preemption
• Select the traffic based on express and preemptable status
MAC Merge Layer
• Halts unimportant traffic to service interrupts
• Adds fragmentation
• Preemption when hold mechanism is not used
• Preemption when hold mechanism is used
• Verification of preemption capability
• Preemption hold timing violation checks
[Figure: Verify; Transmit Processing; Receive Processing; Send Verification mFrame with SMD_V; Receive Response mFrame with SMD_R; Preemption Block; Queuing from stream shapers; Preempt Indication; Express traffic; Preemptable traffic]
Typically express traffic queues will be fewer in number but need not be fixed to specific priority numbers or positional placement (L-R)
Transmission Selection
MAC Merge Layer
[Figure: Express Filter; Transmit Processing; Receive Processing; eMAC (MAC Control, MAC); pMAC (MAC Control, MAC); ENET Phy; Preemption Block; Queuing from stream shapers; Normal ENET MAC; Preempt Indication]
• Express traffic interrupt should interrupt normal traffic
• Timer violations for minimum guard period through calculation of preemption delay
• Fragment formats and fragment size violations
• Link to link delay for single hop calculation
• mFrame validation
Feedback for indicating reception of Verification frames
Security
802.1AE MACSec
• Encryption and decryption of the data payload using the GCM mechanism
• Ethernet MAC embedded with MACSec logic
• Verification of Integrity mode, confidentiality mode and both
• Authentication mode verification
• PN Replay feature : Out of order PN
• Configuration for key, PN etc.
• Error Injection
• Scoreboard hooks for data integrity check
[Figure: MACsec RX Q and MACsec TX Q in the MACsec layer, above the MAC layer and the PHY Layer (Reconciliation Sublayer); decrypted received data goes up, encrypted data goes down]
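A scoreboard reference model for the PN replay and error injection checks listed above, as an added example (not code from the original slides). It is a simplified model of windowed packet-number acceptance: it tracks only the lower bound of the replay window, and the class, function and verdict names and the stimulus are constructed for illustration.

```python
class MacsecReplayModel:
    """Scoreboard reference for receive-side PN checks (simplified model)."""

    def __init__(self, replay_protect=True, replay_window=0):
        self.replay_protect = replay_protect
        self.replay_window = replay_window   # 0 = strict in-order delivery
        self.next_pn = 1                     # one past the highest validated PN
        self.lowest_pn = 1                   # lowest PN still acceptable

    def expect(self, pn, icv_ok=True):
        """Return the verdict the DUT should reach for one received frame."""
        if self.replay_protect and pn < self.lowest_pn:
            return "DROP_LATE"               # replayed or too far out of order
        if not icv_ok:
            return "DROP_BAD_ICV"            # failed integrity check: state untouched
        if pn >= self.next_pn:               # only validated frames move the window
            self.next_pn = pn + 1
            self.lowest_pn = max(self.lowest_pn, self.next_pn - self.replay_window)
        return "ACCEPT"

def scoreboard(model, frames, dut_verdicts):
    """Return [(index, pn, expected, got)] for every DUT/model disagreement."""
    mismatches = []
    for i, ((pn, icv_ok), got) in enumerate(zip(frames, dut_verdicts)):
        expected = model.expect(pn, icv_ok)
        if expected != got:
            mismatches.append((i, pn, expected, got))
    return mismatches

# Constructed stimulus: out-of-order PNs plus one error-injected frame (bad ICV).
FRAMES = [(1, True), (2, True), (3, True), (5, True), (4, True),
          (3, True), (100, False), (6, True)]

def expected_verdicts(replay_window):
    """Model verdicts for FRAMES with replay protection on and the given window."""
    model = MacsecReplayModel(replay_window=replay_window)
    return [model.expect(pn, ok) for pn, ok in FRAMES]
```

The error-injected frame with PN 100 is the important case: a DUT that advances its window before the integrity check passes would go on to drop the legitimate frame with PN 6.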
Energy Efficient Ethernet
802.3az
• EEE is green energy technology for Automotive Ethernet
• Keep link in “sleep” mode when no transmission occurs: IDLE/Sleep/Wake
• Ensure that sleep timers are validated
• Any traffic during low power should be discarded
• Low power Idle corruption
Full Stack Verification Environment
[Figure: Top Level stack. Physical Layer; 802.3 ENET (USGMII, 2.5G UTP); Pre-emptive MAC; Frame Generation; 802.1Qbu: Pre-emption and Interspersing; 802.1AS Time Stamping Unit; 1722 AV+Ctrl Frames; 1722-Rev AV+Ctrl Frames; 802.1Qbv: Time aware shaping; 802.1Qav: Credit based shaper; Rsvd_Q; BE_Q; Sched_Q; TimeAwareGates; Transmission_Q; PTP_Q]
• Generated stream scheduling based on bandwidth allocation
• General media format frame creation, packing and unpacking
• Scheduled frames controlled on the basis of gate control list
• Timestamp generation and clock sync for the system
• Preemption controlled through Hold register or Control directive
• Not all layers need be present in every use model; the different functionalities can be selected based on enablement registers
Thank You