Company overview: Automotive + TTEthernet

www.tttech.com

Ensuring Reliable Networks

Copyright © TTTech Computertechnik AG. All rights reserved. Page 1

Company Overview & Overview Deterministic Ethernet

Dr. Markus PlankensteinerDirector Industrial [email protected]

Copyright © TTTech Computertechnik AG. All rights reserved.www.tttech.com


Page 2

Safety Becomes Omnipresent

Megatrend Safety

• Automotive: 50 million injuries, out of those 1.2 million were fatal injuries (3.300 per day according to WHO 2010)

• Industrial: Manufacturers lose over $ 20 billion each year in safety incidents (Norm Gilsdorf, President of Honeywell Process Solutions at Honeywell User Group 2010)

• Civil Aviation: In 2010 there were 47.3 million flight hours and 22.3 million departures with 9 serious accidents

• Smart and safe mega cities• Medical systems and healthcare for aging populations• By 2020 every second embedded device will be safety relevant



Page 3

High Availability for Wind, Green Power & Grid Automation

Ethernet That Always Delivers

High Reliability for Smarter and More Electric Vehicles on Land & in the Air

TTTech Provides Electronic Robustness to a More Electric World

TTTech Vision based on Safety Platform



Page 4

What do they have in common …

… Reliable Networks and Controls from TTTech

Boeing 787 NASA Orion

Prinoth LeitwolfAudi A8



Page 5

Since 1998 TTTech has Developed Succesfully …

• Unique time-triggered and safety know-how pool of 230+ employees

• Dynamic growth• Strong equity position• International footprint• 16 M€ invest in R&D in 2011

• Case study coverage

TTTech KonzernBetriebsleistung

17,422,3

33

05

101520253035

Years

MEU

R

28%

48%

2009

2010

2011



Page 6

Dependable Communication with

Elements of the TTTech Cross-Industry Safety Platform

Chip IP, ASICChip IP, ASIC Cert PackagesDO-254 DO-178B/C

ISO 61508

Cert PackagesDO-254 DO-178B/C

ISO 61508

Tools &Middleware

Task1A

Task1B

Partition 1 Partition 2

CoreOS

IMA OS Message

Channel API

HardwareTT

RC

BE

TTE-PCI Driver

TTE-API Library

TTE-COM Layer ARINC 653

Task2A

Task2BPartition OSPartition OS

Task3APartition

OS

Partition 3

Core OS Services

Task1A

Task1B

Partition 1 Partition 2

CoreOS

IMA OS Message

Channel API

HardwareTT

RC

BE

TTE-PCI Driver

TTE-API Library

TTE-COM Layer ARINC 653

Task2A

Task2BPartition OSPartition OS

Task3APartition

OS

Partition 3

Core OS Services

Test Equipm. & Switches

CPU & Safety Companion

I/O Blocks & Drivers

Cert Package Safety Manual

SafeExe, SafeCOM, SafeMon

App. 3 App. 4

CommComm..ServicesServices

MemoryMemoryServicesServices

System System ServicesServices

ComplexDrivers

BSPBSP

SafeSelfC

heckS

afeCrossC

heck

RTERTE

I/OI/OServicesServices

SafeD

ispatcher

SafeHAL

OS

Bootloader

App. 2App. 1

Checkpoint „SafeCDR“

Checkpoint „SafeApp2“

Checkpoint „SafeApp1“

E2E-Lib

SafeCOM

Modular Safety Controllers



Page 7

IEC 61508EN/ISO 13849ISO 26262DO 178B / 254

Cross-Industry Safety & CertificationDesign assurance standards are similiar across industries

System approaches are different

Fail-Stop Fail-Operational

www.tttech.com



Focus Automotive



Page 10

Automotive Production Program Reference Audi A8

Communication Software• FlexRay, CAN, LIN, Tools• Performance optimized

Premium Engineering• 10 Mbit/s physical layer • Stable parameterizing and interoperability• Software integration and prototype support• Diagnostics specification• Representation in FlexRay Consortium

Communication Safety Software• End-to-end safety on FlexRay and CAN• ISO 26262 ASIL D

VW Touareg, … Bentley Arnage, Continental

Process Optimization • Automated ECU Validation• Testbench automation

Audi A8, A6, A4, …



Page 11

Automotive Portfolio

Reliable Networks and Safe CommunicationReliable Networks and Safe Communication

Embedded Safety Software

• AUTOSAR Safe up to ASIL D• SafeCOM

Safety Hardware for E-Vehicles

• Modulare Safety Platform• IEC 61508 / ISO 26262• SIL 2-3

Testing Tools

• Data Logger • FlexRay Tools

Networks & Engineering



Page 13

AUTOSAR Safety Software Cooperation with Vector Informatik

Microsar Safeup to ASIL Dwith TTTech Safety Modules

• Safety Elements out of Context (SEooC) according ISO 26262• TTTech safety modules integrated with Vector MICROSAR AUTOSAR BSW

• Certified or certifiable up to ASIL-D• Integration according to Integration Safety Manual (ASM)• AUTOSAR 3.0/1, 4.0, CANbedded, MICROSAR Safe



Page 14

Modular Safety Controller Roadmap

2003

TTC100 / TTC200IEC 61508 SIL 2/3

2008

TTC90 SIL 2EN 13849 Pl D

ISU90 ASIL CISO 26262

VCU90 ASIL CISO 26262

2010

VCU500 ASIL DISO 26262

ISU500 ASIL DISO 26262

FP ASIL DISO 26262

VGSF500 SIL 3Industrial

EVECU ASIL DISO 26262

TTC500 SIL 3EN 13849 Pl E

Automotive ECU Background

Modular Safety Controller Roadmap

1990

Aerospace & Railway

Automotive Off-Highway Special Purpose

Industrial

Markt Expertise

Customer-Specific Safety Controller RoadmapCustomer Program EVISO 26262 ASIL D

2011

Customer Program Hybrid ASIL DISO 26262

Customer Program Chassis ISO 26262 ASIL D

2012



Page 15

Inverter Safety Unit (ISU)



Page 16

Electric Rear Wheel DriveSafety Control Unit• ISO 26262 ASIL-D• Drive function including torque vectoring• Safety algorithms for monitoring• SOP 2015



Page 17

Data Logging Solution

Key Features• Complete vehicle data logging (all)• Filtered and triggered data logging (selective)• Precise timestamp (1 µs resolution)• Measurement and calibration (CCP / XCP)• API for sending and receiving (freely programmable)• Central access to all bus systems via Ethernet• Multi-step intelligent power management (sleep / deep sleep)

TTXDataLogger

www.tttech.com



TTEthernet – SAE AS6802



Page 19

Integrated Service Delivery in a Single Ethernet Network

Ethernet (IP)• IEEE 802.3 standard traffic• Best effort (IP)

Streaming• ARINC 664• Rate-constrained• Audio/video• Sensor fusion

Synchronous• SAE AS6802 clock synch

(IEEE 1588 compatible)• Real-time control• Ultra-low latency• Safety systems

Available and Safe Automotive Ethernet



Page 20

Encapsulated Data Streams for Safety and Availability

• TTEthernet controls data rates and arrival timing against pre-set allocation tables

• Policing of data rates is enforced by the switch

• Based on TDMA scheme with clock-synchronization

Safety Argument• Data streams of different functionality

are protected against each other and• Data streams of different criticality are

protected against each other • By encapsulation

Data Stream EncapsulationISO 26262 ASIL D (IEC 61508 SIL 3)

Rat

e C

onst

rain

edSt

ream

ing

Traf

ficSy

nchr

onou

sTr

affic

Bes

t Effo

rfB

ackg

roun

d ra

ffic

Available and Safe Automotive Ethernet



Page 21

Technology Openness



Page 22

TTEthernet Algorithms are Standardized with SAE

Standard has been approved!AS6802 "Time-Triggered Ethernet" is published by SAE on November 1, 2011http://www.sae.org/technical/standards/AS6802

http://www.sae.org/technical/standards/AS6802



Page 23

Time-Triggered Networking with TTTech

• High-integrity, deterministic data network communications across the vehicle

• Guaranteed latency and response time for critical sensors and actuators

"We look forward to realizing the potential of TTEthernet technology development, which provides a high bandwidth avionics databus capability supporting future technology insertion.“ NASA statement



Page 24

TTEthernet in Safety Management Systems for Oil Platforms

100 Mbit/s TTEthernet variant used with software-based endpoints



Page 25

TTEthernet in Offshore Wind Turbines

www.tttech.com



Automotive TTEthernet Projects



Page 29

OEM Projects (1)

• R&D project on validation of TTEthernet for High-Definition (HD)

• Lane detection, traffic sign recognition and object recognition

• TTEthernet switch with nodes executing TTEthernet stack on top of standard Ethernet controller

• Camera application for HD capturing, splitting, cropping, encoding and transmission



Page 30

OEM Projects (2)

Project 2• Evaluation project with different topologies and traffic loads • Comparison with MOST and standard Ethernet

Project 3• Architecture study for infrastructure backbone• Safety-critical and non safety-critical control applications• Simulation model development

Project 4• Evaluation of low-latency communication and compatibility with

AVB



Page 31

OEM Projects (3)

Project 5• Part 1: compatibility between TTEthernet, AVB and standard

Ethernet • Part 2: partitioning, fault isolation and fault-tolerance

TTEthernet Switch

1

2

3

4

5

TTEthernet Switch

6 7

`

8

TTEthernetAVB

www.tttech.com



What Automotive OEMs Say



Page 34



Page 35



Page 36



Page 37



Page 38



Page 42Copyright © TTTech Computertechnik AG. All rights reserved. Page 42

Communication Solutions and Safety Electronics for Audi

„Leadership in electronics is key for AUDI AG. Therefore, reliable, deterministic communication solutions and safety electronics from TTTech are essential building blocks for our innovation roadmap“

- Ricky Hudi Senior Vice President Electric/Electronic Development

www.tttech.com



TTEthernet Products



Page 49Page 49

TTEthernet Products – OverviewChip IP

• Switches and End Systems• Certification Package (RTCA

DO 254)Development EquipmentSwitches

TTEDev Switch 1 Gbit/s 12 Ports

TTEDev Switch 100 Mbit/s A664Endpoints

TTEPMC Card, TTEPCI Card

TTEXMC Card, TTEPCIe CardTest and Simulation Equipment

• TTEMonitoring Switch 1 Gbit/s 12+1 Ports

• TTEMonitoring System• TTEEnd System A664 Dev&Test

Development Systems• TTEDevelopment System 1 Gbit/s v2.0• TTEDevelopment System 100 Mbit/s

Configuration & Verification Tooling• TTEBuild, TTE Build Network

Configuration• TTELoad• TTEView• TTEVerify (certification RTCA DO 178B)

Embedded Software• TTEProtocol Layer, TTEDriver and TTEAPI

Library• TTECOM Layer ARINC 653• TTESync Library



Page 50Page 50

TTEthernet Development Systems

TTEDevelopment System 100 Mbit/s• TTEDevelopment Switch with 8 x 100 Mbit/s ports• Two end system PCs with software-based TTEthernet as

Linux driver• Configuration tools, development tools, TTEthernet API,

manuals• Extendable demo application

in source code

Order Number: HE01.00.0

www.tttech.com



Safe and Available Automotive Ethernet



Page 52

Overview

• Automotive scenarios• Integration of all traffic classes on Ethernet

• Buffering, partitioning• Availability and safety

• Compatibility with standard Ethernet and AVB and support for Broadcom PHY and other physical layers

• Chip IP and ASIC roadmap



Page 53

Automotive Adoption Scenarios for Ethernet

Phase 1: Subsystem Level• Ethernet at subsystem level• Examples: camera links, driver

assistance system, multimedia• One Ethernet switch chip per

car

Phase 2: Architecture Level• Ethernet backbone: integration

of powertrain, chassis, body, multimedia, driver assistance, …

• Two or more Ethernet switch chips per car

VideoECU RSE

HU

GW

Front-camera

Diagnosis interface



Page 54

IRCamera

BodyController

DVDRadio

Main Rear Controller

Switch (e.g. Gateway)

Radar

RSERear

Camera

Main Front Controller

Switch(e.g. Chassis Controller)

FX FX

CAN CAN

Ethernet Requirements for Phase 2

Integration of all traffic classes on a single network• Standard Ethernet traffic (IP)• Multimedia (audio / video streaming)• Surround sensing (video, radar, …, streaming)• Diagnostics, Car2x (IP)• Control loops (real-time, synchronous)• Safety (real-time, synchronous, ISO 26262 ASIL D)• …



Page 55

Integration of all traffic classes on a single network• Standard Ethernet traffic (IP)• Multi-Media (audio / video streaming)• Surround sensing (video, radar, …, streaming)• Diagnostics, Car2x (IP)• Control Loops (real-time, synchronous)• Safety (real-time, synchronous, ISO 26262 ASIL D)• …

Ethernet Requirements for Phase 2

Availability• Different traffic classes must not have adverse impact on each other• Even if one or more senders or switches are faulty



Page 60

Compatibility with AVB1. Clock Synchronization

• 802.1AS clock synchronization frames can be sourced from AS6802 mechanisms safety argument

2. Traffic Shaping & Bandwidth Allocation• Policing and traffic shaping supported

(slight differences between AVB and ARINC 664)

• Dynamic bandwidth allocation supported (lockable entries for safety)

Next Steps• AVB compatibility: definition of automotive

subset• Opportunity AVB Gen 2: making AVB safe and

available (partitioning)

Safety Availability (Partitioning)



Page 61

Ethernet Chip IP Roadmap

Page 61

201220112010 2013 2014

• 180MHz• 768k RAM • 3 MB Flash• 16 PWM, 88 I/O

Pegasus Line

Switch (development)

• Altera Stratix IV

Pegasus Switch• 6x 10/100/1000 Mbit/s• 20x 10/100 Mbit/s• DO 254 DAL A / SIL3 / ASIL D• ARINC 664 p7, SAE AS6802 (2-FT)• On-/Off-chip COM/MON• Ext. Memory up to 32 MB QDR• 16 bit A/D Mgmt. CPU I/F

Pegasus End System• 3x 10/100/1000 Mbit/s• DO 254 DAL A / SIL3 / ASIL D• SAE AS6802 MAC layer (1-FT)• ARINC 664 p7 UDP/IP layer• Ext. Memory up to 16 MB QDR• 32 bit PCI express, 16 bit A/D

Switch (certification)

• Altera Stratix IV

Switch (production)

• ASIC

End System (development)

• Altera Cyclone IV

End System (certification)

• Altera Cyclone IV

Phoenix Switch• 12x 1000 Mbit/s• ARINC 664 p7, SAE AS6802 (2-FT)• Off-chip COM/MON support• On-chip mgmt. module

Phoenix End System• 3x 1000 Mbit/s• AS6802 (2-FT)• ARINC 664 p7 (without UDP/IP)• PCI/PCI express

Switch• Stratix IV

End System• Stratix IV

Switch ASIC• 3rd party (ITAR)

Switch (V&V)• Stratix IV

End System (V&V)• Stratix IV

End System ASIC• 3rd party (ITAR)

Phoenix Line

available plannedunder development



Page 62

Chip Roadmap

Phoenix Line (Gen 2) IP • Switch, client: FPGA-based solution available, space, aero and

landsystem use (e.g. NASA)

Pegasus Line (Gen 3) IP• Fully scalable IP for switch and client

(100 Mbit/s and 1 Gbit/s ports)• Safety: ISO 26262 ASIL D, DO 254 DAL A, IEC 61508 SIL 3• Automotive, industrial and aerospace applications• ASICs planned for 2014• Compatible with BroadR-Reach© PHY• Prototypes available

Software-based clients possible on µCs with Ethernet MAC

www.tttech.com



Synchronous vs. Asynchronous Communication



Page 64

Asynchronous Communication Transmission Points in Time are not predictable Transmission Latency and Jitter accumulate Number of Hops has a significant impact

Usually solved by High Wire-Speeds & Low Utilization and/or Priorities

Problem of ”Indeterminism” remains

Ethernet = Asynchronous Communication

X



Page 65

Adding Clock Synchronization to Ethernet

TTE

1588

1588

Eth

TTE

TTE

Eth

TTE

TTE TTE

TTE

TTE

TTE

Eth

Time Master

Enabler for Synchronous Operation:

Synchronized Global Time

Communication Schedule



Page 66

Synchronous / Time-Triggered Operation

Time-Division Multiple-Access CommunicationComposable networkComplexity reduction and faster integration Fault tolerant communication system

send

receive

receive

send

receive

receive

receive

receive

send

t1

t1

t1

t2

t2

t2

t3

t3

t3

Node A

Node B

Node C

timeSlot



Page 67

Synchronous Communication

X

Exactly one order of messages Mi (in contrast to PERM(Mi ) in async. comm)

Synchronous Communication (TT)



Page 68

Single-Master Clock Synchronization

TTE

1588

1588

Eth

TTE

TTE

Eth

TTE

TTE TTE

TTE

TTE

TTE

Eth

Time Master

Enabler for Synchronous Comm.:

Synchronized Global Time

Communication Schedule



Page 69

Fault-Tolerant Clock Synchronization

TTE

1588

1588

Eth

TTE

TTE

TTE

Eth

TTE

TTE

TTE

TTE

TTE

TTE

TTE

Eth

Time Master

Time Master

Time Master

Fault-tolerant synchronization services are needed for establishing a safe global time base

www.tttech.com



TTEthernet Technical Overview



Page 71

Mixed-Criticality Systems

Standard IEEE802.3 Ethernet LAN

Safety-, Time- or Mission-Critical System

Network

Time and spacepartitioned OS




Linux Server

WindowsPC

WindowsPC

F1

F1 F1F2 F2

F2F2 F3 F4

F3 F4

F4

F4

Open NetworksHow to share system resources and partition critical and non-critical distributed functions?

TTEthernet



Page 72

TTEthernet, a Communication Infrastructure Highlight: Flexible Integration

and COTS Backward Compatible

TTE TTE

TTE TTE

TTEFX

FX

FX

FX

FX

CAN

CAN

CAN

CAN

FX

ETH

1 Gbit/sec

100 Mbit/sec

< 10 Mbit/sec

<1 Mbit/sec

TTE

TTETTETTETTE

TTPTTP TTP TTP



Page 73

TTEthernet for Mixed-Criticality Systems

Enables robust partitioning of all computing and networking resources in one system

• Fault-tolerant distributed clock• Hard real-time communication

(µs jitter, fixed latency)• Host critical controls, video, audio, LAN, …

In parallel, two types of Ethernet communications:

Synchronous (TDMA-style) Communication: TT

Asynchronous (event-triggered style): RC + BE Ethernet IEEE 802.3

Application

Time-Triggered Extension

Layer 3-7



Page 74

Integrated Dataflow Example

TT TTTT TT TTTT TT

3ms cycle

2ms cycle

3ms cycle 3ms cycle

2ms cycle 2ms cycle 2ms cycle

6ms Cluster Cycle

RC BE BE BE RC BE t

Sender

1 Switch/RouterReceiver

Sender

2

TT TT TT


BE BE BE t

TT TT TT


BE BE RC BE

t

Dataflow – Integration - Time-Triggered (TT) - Rate-Constrained (RC) - Standard Ethernet (BE)

TTEthernet Switch is also capable of changing traffic types, e.g. a message received as RC can be relayed as TT



Page 75

Example: 1,000 Frames (Industrial- Sized)

Time-Triggered Only Time-Triggered + Event-Triggered

12

34

5

6

1 2

Dataflow Links are enumerated on the x-axis

…

TT

TT

TT

TT

RC

RC

RC

RC

RC/BE frames are also integrated during TT phases.

www.tttech.com



Summary



Page 77

TTEthernet Advantages

• Compatible to IEEE 802.3 standard Ethernet• Compatible with other standards (IEEE 1588, ARINC 664 and

partially with AVB)• Support for different traffic classes – scalability and flexibility • Fault-isolation: faulty component cannot affect the whole system• Fault-tolerance and redundancy management • Integrated security mechanisms

• Protection against masquerading and Denial of Service (DoS)• Fault tolerant clock synchronization including security • Certified mechanisms (clock sync, …)• Integration of many functions/applications in one network• Open technology – published as SAE AS6802 standard, IEEE

standardization planned• Mature technology proven in several production programs

www.tttech.com


www.tttech.com
