
SpaceWire Physical Layer Fault Isolation. Barry M Cook (4Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA). International SpaceWire Conference, 4-6 November 2008.


Presentation Transcript


  1. SpaceWire Physical Layer Fault Isolation
     Barry M Cook (4Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA)
     International SpaceWire Conference, 4-6 November 2008
     SpaceWire Physical Layer Fault Isolation, Barry M Cook (4Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA) at ISC 2008

  2. Content
     • Context
     • Failure sequence
     • Failure conditions
     • LVDS
     • Failure prevention by
       • Over-voltage limiting, requiring
       • Reliable current limiting …
         • … at the receiver
         • … at the transmitter
     • Conclusions

  3. Context – Cross Strapped Redundant System

  4. Failure Sequence

  5. Failure Conditions
     Devices can be quite intolerant of variation
     • 3.3V (nominal) supply voltage (Vss) permits a supply voltage tolerance of ±10% – a voltage range of 3.0 to 3.6V
     • But sets an absolute limit of 4V
     • Input voltages are, typically, limited to Vss + 0.3V
       • Consider a chip with Vss = 3.6V driving one with Vss = 3.0V …
     • Input currents for above-Vss input voltages are limited
       • To, typically, 10mA
       • Which, in practice, makes the above situation safe – just
     • LVDS avoids this problem by specifying lower signal voltages

  6. LVDS – EIA/TIA 644 A
     Specifies …
     Transmitter output voltages (regardless of Vss)
     • Differential
       • 350mV nominal
     • Common mode
       • 1.25V nominal above Transmitter ground
     End-to-end common mode difference
     • Up to ±1V
     Acceptable receiver input voltages
     • 0.05V to 2.45V (to allow for the common-mode difference)
     Which is fine until the driver fails and places Vss (+Vcm) on the signal line or, worse, a power supply fails and places an even higher voltage on the signal lines

  7. Failure Prevention
     We can take one or more of several actions to avoid a single fault causing a failure cascade …
     • Ensure the PSU never fails over-voltage
       • Challenging (especially with switched-mode supplies)
       • Even with over-voltage detection, transients are likely
     • Prevent the over-voltage leaving the transmitter
       • Don’t forget common-mode differences (must clamp to LVDS levels, not to supply)
     • Prevent the receiver being damaged
       • Limit the over-voltage at its terminals
     • Prevent the receiver propagating the fault
       • Not only through power rails but also through signal lines

  8. Over-voltage limiting
     We require no significant line loading (capacitance / current) with correct signal levels and firm clamping at safe levels with fault levels
     BUT … Limiting is not perfect and the clamping level depends, critically, on the available fault current
     At significant currents (100’s mA) the actual clamp voltage can be twice the turn-on voltage
     • Contrast this with the need to allow a correct level of 2.5V (LVDS input) or 3.6V (logic input) but clamp at ≤4.0V
     Safe over-voltage limiting requires reliable current limiting

  9. Reliable Current Limiting
     Avoiding silicon (which tends to fail short-circuit, allowing large currents) we are forced to consider discrete resistors
     • Thick film SMD resistors and hole mounted metal-film resistors are accepted by most agencies as short-circuit free
     Adding series resistance on the signal lines will provide a reliable current limit
     • Can this be done with EIA/TIA 644A (LVDS) signals?
       • Yes …

  10. At the receiver
     [Circuit diagram; labels: R, 1.075V / 1.425V, 100Ω, 350mV, 1.425V / 1.075V, R, 1.25V common mode]
     Limitations
     • The resistors, R, with the receiver input capacitance form a low-pass filter which may degrade the signal
     • 100Ω & 10pF has a time constant of 1ns which would need careful consideration at 200Mb/s (5ns bit period) but should be OK at ≤100Mb/s
     • 100Ω is useful but we could wish for more …

  11. At the transmitter
     [Circuit diagram; labels: 0V / 2.5V, 305Ω, 100Ω, 350mV, 305Ω, 2.5V / 0V, 1.25V common mode]
     Features
     • Same output differential and common-mode voltage (LVDS)
     • Series resistance driving a matched transmission line and load – there is no capacitive loading and no data-rate reduction
     • 305Ω provides a useful current limit (50mA at 15V over-voltage at the driver output)
     • Supply current is just 3.5mA – same low power as before
     • Other, similar, circuits can be used for higher output source voltages – with greater protection.

  12. Conclusions
     • We have identified a failure mechanism that can cause a failure cascade causing damage to both the nominal and redundant systems
     • This can be alleviated by using fail-safe current limiting devices – discrete resistors – in conjunction with (discrete or in-built) voltage limiting devices
       (Whilst fully complying with the definition of EIA/TIA 644A – LVDS)
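
The resistor values on slides 10 and 11 can be checked against the LVDS limits on slide 6 with Ohm's law. The Python sketch below is an added example, not part of the presentation; its function names are illustrative, and it assumes an ideal 0V / 2.5V driver, a single-pole RC at the receiver, and that the whole over-voltage appears across one series resistor.

```python
import math

def transmitter(v_src=2.5, r_series=305.0, r_term=100.0):
    """Slide 11 driver: complementary 0 V / v_src outputs (assumed ideal),
    one r_series per leg, r_term across the pair at the receiver."""
    i_loop = v_src / (2 * r_series + r_term)  # steady-state loop current, A
    v_high = v_src - i_loop * r_series        # line fed from the v_src output
    v_low = i_loop * r_series                 # line fed from the 0 V output
    return {"i_loop_mA": i_loop * 1e3, "v_high": v_high, "v_low": v_low,
            "v_diff": v_high - v_low, "v_cm": (v_high + v_low) / 2}

def within_receiver_window(tx, cm_shift=1.0, lo=0.05, hi=2.45):
    """Slide 6 check: line voltages stay inside the acceptable receiver
    input range after the +/-1 V end-to-end common-mode difference."""
    return tx["v_low"] - cm_shift >= lo and tx["v_high"] + cm_shift <= hi

def fault_current_mA(v_over, r_series=305.0):
    """Upper bound on fault current through one series resistor, assuming
    the whole over-voltage v_over appears across it."""
    return v_over / r_series * 1e3

def receiver_rc(r=100.0, c=10e-12, rate_bps=200e6):
    """Slide 10 low-pass: time constant and 10-90% rise time (tau * ln 9)
    as a fraction of the bit period, for a single-pole RC (assumed)."""
    tau = r * c
    rise = tau * math.log(9)
    return tau, rise * rate_bps

if __name__ == "__main__":
    tx = transmitter()
    print({k: round(v, 4) for k, v in tx.items()})
    print("inside receiver window:", within_receiver_window(tx))
    print("fault current at 15 V: %.1f mA" % fault_current_mA(15.0))
    for rate in (200e6, 100e6):
        tau, frac = receiver_rc(rate_bps=rate)
        print("%.0f Mb/s: tau %.1f ns, rise time %.0f%% of a bit"
              % (rate / 1e6, tau * 1e9, frac * 100))
```

With the slide values the lines sit at about 1.074V and 1.426V, which leaves only about 24mV of margin inside the 0.05V to 2.45V receiver window at the full ±1V common-mode difference.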
