CN110196564B - A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation - Google Patents
A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation Download PDFInfo
- Publication number
- CN110196564B CN110196564B CN201910470266.5A CN201910470266A CN110196564B CN 110196564 B CN110196564 B CN 110196564B CN 201910470266 A CN201910470266 A CN 201910470266A CN 110196564 B CN110196564 B CN 110196564B
- Authority
- CN
- China
- Prior art keywords
- power
- module
- instruction
- power distribution
- distribution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000009826 distribution Methods 0.000 title claims abstract description 354
- 239000002245 particle Substances 0.000 title claims abstract description 8
- 230000005855 radiation Effects 0.000 title 1
- 230000003862 health status Effects 0.000 claims abstract description 14
- 238000012545 processing Methods 0.000 claims description 39
- 206010002515 Animal bite Diseases 0.000 claims description 22
- 239000003990 capacitor Substances 0.000 claims description 16
- 230000002159 abnormal effect Effects 0.000 claims description 13
- 230000002452 interceptive effect Effects 0.000 claims description 12
- 101100402275 Arabidopsis thaliana MOS11 gene Proteins 0.000 claims description 10
- 230000004927 fusion Effects 0.000 claims description 10
- 230000036541 health Effects 0.000 claims description 7
- 230000000295 complement effect Effects 0.000 claims description 6
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 238000005520 cutting process Methods 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- 101710116852 Molybdenum cofactor sulfurase 1 Proteins 0.000 claims 1
- 229910044991 metal oxide Inorganic materials 0.000 claims 1
- 150000004706 metal oxides Chemical class 0.000 claims 1
- 239000004065 semiconductor Substances 0.000 claims 1
- 230000001502 supplementing effect Effects 0.000 claims 1
- 238000005065 mining Methods 0.000 abstract 1
- 238000013461 design Methods 0.000 description 17
- 238000000034 method Methods 0.000 description 17
- 238000007726 management method Methods 0.000 description 16
- 230000008569 process Effects 0.000 description 12
- 238000011084 recovery Methods 0.000 description 5
- 101150090280 MOS1 gene Proteins 0.000 description 4
- 101100401568 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) MIC10 gene Proteins 0.000 description 4
- 230000009977 dual effect Effects 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 4
- 101150098958 CMD1 gene Proteins 0.000 description 3
- 101100382321 Caenorhabditis elegans cal-1 gene Proteins 0.000 description 3
- 238000007667 floating Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 102100030393 G-patch domain and KOW motifs-containing protein Human genes 0.000 description 2
- 230000003321 amplification Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 229910052982 molybdenum disulfide Inorganic materials 0.000 description 2
- 238000003199 nucleic acid amplification method Methods 0.000 description 2
- RZVHIXYEVGDQDX-UHFFFAOYSA-N 9,10-anthraquinone Chemical compound C1=CC=C2C(=O)C3=CC=CC=C3C(=O)C2=C1 RZVHIXYEVGDQDX-UHFFFAOYSA-N 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000001186 cumulative effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000010006 flight Effects 0.000 description 1
- 230000007935 neutral effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0423—Input/output
- G05B19/0425—Safety, monitoring
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J9/00—Circuit arrangements for emergency or stand-by power supply, e.g. for emergency lighting
- H02J9/04—Circuit arrangements for emergency or stand-by power supply, e.g. for emergency lighting in which the distribution system is disconnected from the normal source and connected to a standby source
- H02J9/06—Circuit arrangements for emergency or stand-by power supply, e.g. for emergency lighting in which the distribution system is disconnected from the normal source and connected to a standby source with automatic change-over, e.g. UPS systems
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24032—Power on reset, powering up
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24182—Redundancy
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02B—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
- Y02B70/00—Technologies for an efficient end-user side electric power management and consumption
- Y02B70/30—Systems integrating technologies related to power network operation and communication or information technologies for improving the carbon footprint of the management of residential or tertiary loads, i.e. smart grids as climate change mitigation technology in the buildings sector, including also the last stages of power distribution and the control, monitoring or operating management systems at local level
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S20/00—Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
- Y04S20/20—End-user application control systems
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Emergency Management (AREA)
- Power Engineering (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
本发明提供了一种抗单粒子辐照的平滑切换双机冗余配电系统,该系统包括主机、备机和载荷供配电模块,其中主机和备机互为当班机和非当班机,当班机和非当班机实时地将自身的健康状态和当前工作状态发送给对方,确保非当班机和当班机知悉对方的当前工作状态;当班机根据预设的时序或者接收外部输入的配电指令输出配电控制信号至载荷供配电模块,控制载荷供配电的通断,并回采载荷供配电模块输出端的母线电压,根据回采结果,判断配电指令是否正确执行,当指令未正确执行时,则由当班机将该配电指令经内部串口发送至非当班机,并暂时启用非当班机的输出控制功能,由非当班机补充执行一次该配电指令。
The invention provides a smooth-switching dual-machine redundant power distribution system resistant to single particle irradiation. The system includes a main machine, a standby machine and a load power supply and distribution module, wherein the main machine and the standby machine are on-duty and off-duty planes for each other, On-the-fly and non-on-duty aircraft send their health status and current working status to each other in real time to ensure that the non-on-duty aircraft and on-duty aircraft know each other's current working status; on-the-fly aircraft receive power distribution instructions from external input according to the preset sequence Output the power distribution control signal to the load power supply and distribution module, control the on-off of the load power supply and distribution module, and retrieve the bus voltage at the output end of the load power supply and distribution module, and judge whether the power distribution command is correctly executed according to the mining result. When the power distribution instruction is sent to the non-on-duty aircraft through the internal serial port, the output control function of the non-on-duty aircraft is temporarily enabled, and the non-on-duty aircraft executes the power distribution instruction once.
Description
技术领域technical field
本发明涉及一种抗单粒子辐照的平滑切换双机冗余配电系统。属于电源配电技术领域。The invention relates to a smooth switching dual-machine redundant power distribution system resistant to single particle irradiation. It belongs to the technical field of power distribution.
背景技术Background technique
对于航天测控系统而言,特别关注单机的可靠性,尤其是空间飞行器的单机,需要避免因空间恶劣环境造成的错误输出,通常需要采取三机冗余或双机冗余的设计方法。For aerospace measurement and control systems, special attention is paid to the reliability of a single aircraft, especially for a single aircraft of a space vehicle, it is necessary to avoid erroneous output caused by the harsh environment of space, and a design method of triple redundancy or dual redundancy is usually required.
(一)三机冗余(1) Three-machine redundancy
三冗余处理器一般按三模冗余、三中取二表决设计。分为紧耦合和松耦合两种模式。紧耦合的三模冗余系统可靠性较高,但系统设计较为复杂,信息交换量大,需要软件设计师在充分理解系统设计意图后编写大量的容错管理软件。另外系统总线也较难处理,若采用一套系统总线,系统实时性差、存在单点;若采用三套总线,占用了太多的接插件点数,使模板不能集成更多的功能,加大了系统体积、重量。而松耦合的三机冗余,设计相对简单,各单机信息交换量少,减少了容错管理环节,减轻了软件设计师的负担。此外也彻底解决了系统总线单点问题。三冗余技术方案的最大难点在于CPU间的同步机制。由于处理器实时性强,要周期性完成数据采集、运算、判断、控制指令输出任务,所以三机的同步十分重要。目的是消除因各处理器主频的微小差异而产生的累积误差,保证各CPU板数据采集及处理的同时性。Three-redundant processors are generally designed according to three-mode redundancy and two-out-of-three voting. There are two modes: tight coupling and loose coupling. The tightly coupled three-mode redundant system has high reliability, but the system design is more complex and the amount of information exchange is large. Software designers need to write a lot of fault-tolerant management software after fully understanding the system design intent. In addition, the system bus is also difficult to handle. If one set of system bus is used, the system has poor real-time performance and a single point; if three sets of bus are used, too many connector points are occupied, so that the template cannot integrate more functions, increasing System volume and weight. The loosely coupled three-machine redundancy is relatively simple in design, and the amount of information exchange between each single machine is small, which reduces the fault-tolerant management link and reduces the burden of software designers. In addition, the single-point problem of the system bus is completely solved. The biggest difficulty of the three-redundancy technical solution lies in the synchronization mechanism between the CPUs. Since the processor has strong real-time performance, it is necessary to periodically complete the tasks of data acquisition, operation, judgment, and control command output, so the synchronization of the three machines is very important. The purpose is to eliminate the cumulative error caused by the slight difference in the main frequency of each processor, and to ensure the simultaneity of data acquisition and processing of each CPU board.
(二)双机冷备(2) Dual-machine cold standby
系统配备两台完全相同的单机,仅一台为加电状态,可以定时将数据备份至备用单机硬件,但是出现故障时备机不会自动接管,需要人工启动硬件和服务。一些承担非重要任务的地面设备可采用此种备份方法。The system is equipped with two identical stand-alone machines, only one of which is powered on. Data can be backed up to the standby stand-alone hardware regularly, but the stand-by machine will not automatically take over in the event of a failure, and the hardware and services need to be manually started. Some ground equipment that undertakes non-critical tasks can use this backup method.
(三)双机并联输出(3) Dual parallel output
系统配备两台完全相同的单机,同时为加电状态,接收控制信号并执行输出,两台单机只要有一套输出则输出有效。此类设计通常用于保通不保断的应用中,或者对两台单机分别供电,当某台单机出现故障无法关断时,对其执行断电操作。The system is equipped with two identical single machines, which are in the power-on state at the same time, receive control signals and perform output. As long as the two single machines have one set of output, the output is valid. This type of design is usually used in applications where the connection is guaranteed without interruption, or the two single units are powered separately. When a single unit fails and cannot be shut down, the power-off operation is performed.
(四)双机热备(4) Dual-machine hot backup
设备内部包含热冗余的两套子设备,每个单机均能独立完成控制器内所有功能,信息控制组合内默认当班机为主机。主、备机功能和设计完全一致。The device contains two sets of sub-devices with thermal redundancy. Each single machine can independently complete all functions in the controller. The default flight in the information control combination is the main machine. The function and design of the main and standby machines are exactly the same.
正常工作状态下,主机、备机均接收信号,主机为当班机,备机不输出。主备机通过内部通讯监测对方的工作状态,当备机监测到主机工作状态不正常,或主机自身连续出现狗咬、网络故障等情况时,判断主机故障,当班机由主机切换到备机,主备机之间可以多次来回切换。综上所述,目前常用的冗余设计方法存在以下不足:Under normal working conditions, both the main engine and the standby engine receive signals, the main engine is on duty, and the standby engine does not output. The main and standby machines monitor the working status of each other through internal communication. When the standby machine detects that the main machine is in abnormal working state, or the main machine itself has continuous dog bites, network failures, etc., it determines the main machine failure. When the flight is switched from the main machine to the standby machine, You can switch back and forth between the main and standby machines many times. To sum up, the currently commonly used redundancy design methods have the following shortcomings:
(1)、三冗余技术方案需要使用三个完全相同的CPU板,需要较高的成本,同时也限制了设备体积的小型化,需要特别保证CPU间的同步;(1) The three-redundancy technical solution requires the use of three identical CPU boards, which requires high cost, and also limits the miniaturization of the device size, and needs to ensure the synchronization between CPUs;
(2)、双机冷备需要人工启动设备,切换所需时间较长;(2) The dual-machine cold standby needs to manually start the equipment, and it takes a long time to switch;
(3)、双机热备冗余能够解决设备由于环境或其他因素彻底失效带来的单点故障,但对于单个通道偶发的错误输出,缺乏有效的纠正能力;并且增加了单机的功耗。(3) The dual-machine hot backup redundancy can solve the single point of failure caused by the complete failure of the equipment due to the environment or other factors, but it lacks effective correction ability for the occasional wrong output of a single channel; and increases the power consumption of a single machine.
发明内容SUMMARY OF THE INVENTION
本发明的技术解决问题是:克服现有技术的不足,提出一种抗单粒子辐照的平滑切换双机冗余配电系统,避免因主备机切换导致信息的丢失。同时,通过补偿机制确保配电指令能够正确执行,不会因单粒子反转或其他硬件电路失效原因导致操作失败。The technical problem solved by the present invention is: to overcome the deficiencies of the prior art, a smooth switching dual-machine redundant power distribution system resistant to single particle irradiation is proposed, so as to avoid the loss of information caused by the switching of the main and standby machines. At the same time, the compensation mechanism ensures that the power distribution command can be executed correctly, and the operation will not fail due to single event inversion or other hardware circuit failure reasons.
本发明的技术解决方案是:一种抗单粒子辐照的平滑切换双机冗余配电系统,该系统包括主机、备机和载荷供配电模块,其中主机和备机互为当班机和非当班机,当班机和非当班机实时地将自身的健康状态和当前工作状态发送给对方,确保非当班机和当班机知悉对方的当前工作状态;当班机根据预设的时序或者接收外部输入的配电指令输出配电控制信号至载荷供配电模块,控制载荷供配电的通断,并回采载荷供配电模块输出端的母线电压,根据回采结果,判断配电指令是否正确执行,当指令未正确执行时,则由当班机将该配电指令经内部串口发送至非当班机,并暂时启用非当班机的输出控制功能,由非当班机补充执行一次该配电指令。The technical solution of the present invention is: a smooth-switching dual-machine redundant power distribution system resistant to single particle irradiation, the system includes a main engine, a backup machine and a load power supply and distribution module, wherein the main machine and the backup machine are on-duty and Off-duty planes, on-duty and off-duty planes send their own health status and current working status to each other in real time, to ensure that off-duty planes and on-duty planes know each other's current working status; on-duty planes can receive external input according to the preset sequence or receive external input. The power distribution command outputs the power distribution control signal to the load power supply and distribution module, controls the on-off of the load power supply and distribution module, and retrieves the bus voltage at the output end of the load power supply and distribution module. If the command is not executed correctly, the power distribution command will be sent to the non-on-duty aircraft by the on-board aircraft through the internal serial port, and the output control function of the non-on-duty aircraft will be temporarily activated, and the non-on-duty aircraft will supplement the power distribution command once.
非当班机实时监测当班机健康状态,当非当班机检测到当班机异常时,根据之前保存的当班机最新正常工作状态,开启自身的输出控制与接收外部指令功能,按照预设流程或外部指令,执行后续的配电操作,并回采操作结果,当回采操作结果执行正确时,控制原当班机重新上电复位,原当班机上电复位后默认为非当班机状态,禁用输出控制与指令接收功能,完成切机操作。The non-duty flight monitors the health status of the current flight in real time. When the non-duty flight detects the abnormality of the current flight, it will activate its own output control and receive external command functions according to the latest normal working status of the current flight saved before, and follow the preset process or external command. , perform subsequent power distribution operations, and retrieve the operation results. When the retrieval operation results are executed correctly, control the original flight to power on and reset. After the original flight is powered on and reset, it defaults to the non-on-duty state, and the output control and command reception functions are disabled. to complete the cutting operation.
所述当班机实时监测非当班机的健康状态,当非当班机连续出现N次以上狗咬复位时,当班机向非当班机发送上电复位信号;若复位后再次出现N次狗咬,则当班机控制非当班机电源断电,停止工作,N大于等于2。The on-board aircraft monitors the health status of the non-on-duty aircraft in real time, and when the off-duty aircraft has more than N consecutive dog bites and resets, the on-demand aircraft sends a power-on reset signal to the off-duty aircraft; if there are N times of dog bites again after reset, then When the flight control is not on the flight, the power supply is cut off and stops working, and N is greater than or equal to 2.
所述健康状态包括心跳信号、复位信号、供电电压。The health state includes a heartbeat signal, a reset signal, and a supply voltage.
所述工作状态包括系统时间、最新外部配电指令、最近的外部配电指令执行后的配电状态。The working state includes the system time, the latest external power distribution command, and the power distribution state after the latest external power distribution command is executed.
主机和备机完全相同,包括中央处理控制器、遥控指令接收接口模块、双机交互接口模块、配电状态采集电路、配电指令解析电路、电源变换控制模块;The main machine and the standby machine are exactly the same, including the central processing controller, the remote control command receiving interface module, the dual-machine interaction interface module, the power distribution state acquisition circuit, the power distribution command parsing circuit, and the power conversion control module;
中央处理控制器,实时地将自身的健康状态和当前工作状态发送至双机交互接口模块,将双机交互接口模块接收的备机或者主机的健康状态和当前工作状态保存,并检测备机或者主机运行是否正常;若非当班机出现异常,则由当班机控制非当班机重启,重启再次累积连续N次狗咬,则将非当班机断电;若当班机出现异常,则开启非当班机的输出控制功能,将原当班机重启,重启后禁用输出控制功能,完成双机切换,若原当班机重启再次累积连续N次狗咬,则由新当班机控制其断电;The central processing controller sends its own health status and current working status to the dual-machine interactive interface module in real time, saves the health status and current working status of the standby machine or host received by the dual-machine interactive interface module, and detects the standby machine or Whether the main engine is running normally; if the non-duty flight is abnormal, the non-duty flight will be controlled by the non-duty flight to restart, and the restart will accumulate N consecutive dog bites again, and the non-duty flight will be powered off; if the non-duty flight is abnormal, the non-duty flight will be turned on Output control function, restart the original flight, disable the output control function after restarting, complete the dual-machine switching, if the original flight restarts and accumulates N consecutive dog bites again, the new flight will control its power off;
当班机模式下,根据预设时序生成配电指令或者接收遥控指令接收接口模块输入的配电指令,输出配电选通指令和对应通路的加电或断电驱动指令至载荷供配电模块;根据信号采集模块回采的配电结果,判断配电指令是否正确执行,如果配电指令未正确执行时,则将该配电指令发送至交互接口模块;控制非当班机遥控指令接收接口模块使能信号为“无效”状态,使得非当班机不接收外部输入的配电指令;In flight mode, generate power distribution instructions according to the preset sequence or receive remote control instructions, receive power distribution instructions input from the interface module, and output power distribution gating instructions and corresponding channel power-on or power-off drive instructions to the load power supply and distribution module; According to the power distribution result retrieved by the signal acquisition module, it is judged whether the power distribution command is correctly executed. If the power distribution command is not executed correctly, the power distribution command is sent to the interactive interface module; The signal is in the "inactive" state, so that the off-duty aircraft does not receive the power distribution command input from the outside;
非当班机模式下,接收交互接口模块发送的配电指令,根据该配电指令输出配电选通指令和对应通路的加电或断电驱动指令至载荷供配电模块;当检测到当班机运行异常时,启用非当班机自身的输出控制功能与外部指令接收接口,读取保存的当班机最新正常工作状态,按照该正常工作状态之后的时序,继续生成配电指令或者接收遥控指令接收接口模块输入的配电指令,输出配电选通指令至载荷供配电模块,根据信号采集模块回采的配电结果,判断配电指令是否正确执行,如果配电指令正确执行,则将切换为当班机工作模式,并向原当班机的电源交换控制器发送重启指令;In the off-duty mode, receive the power distribution instruction sent by the interactive interface module, and output the power distribution gating instruction and the power-on or power-off drive instruction of the corresponding channel to the load power supply and distribution module according to the power distribution instruction; When the operation is abnormal, enable the output control function of the non-on-duty aircraft and the external command receiving interface, read the saved latest normal working state of the on-duty aircraft, and continue to generate power distribution commands or receive remote control commands according to the sequence after the normal working state. The power distribution command input by the module outputs the power distribution gating command to the load power supply and distribution module, and judges whether the power distribution command is executed correctly according to the power distribution result retrieved by the signal acquisition module. flight working mode, and send a restart command to the power exchange controller of the original flight;
遥控指令接收接口模块,在使能信号的控制下,当使能信号“有效”时,接收外部输入的配电指令,并输出配电指令给中央处理控制器,当使能信号“无效”时,不接受外部输入的配电指令,不输出配电指令至中央处理控制器;The remote control command receiving interface module, under the control of the enable signal, when the enable signal is "valid", receives the power distribution command input from the outside, and outputs the power distribution command to the central processing controller, when the enable signal is "invalid" , does not accept externally input power distribution instructions, and does not output power distribution instructions to the central processing controller;
信号采集模块,采集载荷供配电模块输出端各载荷的母线电压,并发送给中央处理控制器;The signal acquisition module collects the bus voltage of each load at the output end of the load power supply and distribution module, and sends it to the central processing controller;
配电指令解析电路,将中央处理控制器发出的配电选通指令译码,选择对应通路的加电或断电驱动指令输出;对于仅需要确保接通的功率恒定配电通道,产生一对互补的加电与断电指令;对于接通和断开可靠性均有较高要求的功率恒定配电通道,共产生四对互补的加电与断电指令;The power distribution command parsing circuit decodes the power distribution gating command issued by the central processing controller, and selects the power-on or power-off drive command output of the corresponding channel; for the power distribution channel that only needs to be ensured to be connected, a pair of Complementary power-on and power-off commands; four pairs of complementary power-on and power-off commands are generated for constant-power power distribution channels that have high requirements on turn-on and turn-off reliability;
电源交换控制器,将外部输入的供配电信号进行电源转换,得到所需的二次电源电压,为对方的中央处理控制器供电,同时,接收对方中央处理控制器的控制信号,将本机重启或者断电;The power exchange controller converts the power supply and distribution signal input from the outside, obtains the required secondary power supply voltage, and supplies power to the central processing controller of the other party. restart or power off;
复位电路,上电后产生复位信号,控制中央处理控制器复位;接受中央处理控制器输出的“喂狗”操作,预设的时间内未收到中央处理控制器输出的“喂狗”操作,则产生复位信号,控制中央处理控制器复位。The reset circuit generates a reset signal after power-on to control the reset of the central processing controller; accepts the "feed the dog" operation output by the central processing controller, and does not receive the "feed the dog" output from the central processing controller within the preset time, Then a reset signal is generated to control the reset of the central processing controller.
载荷供配电模块包括驱动指令融合模块、功率恒定配电管理模块、功率非恒定配电管理模块;The load power supply and distribution module includes a drive command fusion module, a power constant power distribution management module, and a power non-constant power distribution management module;
驱动指令融合模块,将主机与备机的同一个通路的加电或断电驱动指令并联后得到融合驱动指令,再将该融合驱动指令发送给通路对应的功率恒定配电管理模块和/或功率非恒定配电管理模块;Drive command fusion module, connect the power-on or power-off drive commands of the same channel of the host and the standby machine in parallel to obtain a fusion drive command, and then send the fusion drive command to the constant power distribution management module and/or power distribution corresponding to the channel Non-constant power distribution management module;
功率恒定配电管理模块,输出功率恒定的供电信号;Constant power distribution management module, output power supply signal with constant power;
功率非恒定配电管理模块,输出功率非恒定的供电信号。The power non-constant power distribution management module outputs power supply signals with non-constant power.
所述功率恒定配电管理模块包括:两个指令驱动模块,分别记为第一指令驱动模块和第二指令驱动模块,两个配电输出模块,分别记为第一配电输出模块和第二配电输出模块;The constant power distribution management module includes: two command drive modules, respectively denoted as a first command drive module and a second command drive module, and two power distribution output modules, respectively denoted as a first power distribution output module and a second power distribution output module. Power distribution output module;
指令驱动模块,包括电阻R1、R2、R3、R4,三极管V1、V2,电阻R1的一端为指令驱动模块的输入端,另一端连接三极管V1的基极,电阻R2跨接在三极管V1的基极和发射极之间,三极管V1的发射极接地,三极管V1的集电极为指令驱动模块的输出端;电阻R3的一端为指令驱动模块的输入端,另一端连接三极管V2的基极,电阻R4跨接在三极管V2的基极和发射极之间,三极管V2的发射极接地,三极管V2的集电极为指令驱动模块的输出端;Command drive module, including resistors R1, R2, R3, R4, transistors V1, V2, one end of the resistor R1 is the input end of the command drive module, the other end is connected to the base of the transistor V1, and the resistor R2 is connected across the base of the transistor V1 Between it and the emitter, the emitter of the transistor V1 is grounded, and the collector of the transistor V1 is the output end of the command drive module; one end of the resistor R3 is the input end of the command drive module, the other end is connected to the base of the transistor V2, and the resistor R4 is across the Connected between the base and the emitter of the triode V2, the emitter of the triode V2 is grounded, and the collector of the triode V2 is the output end of the command drive module;
配电输出模块均包括磁保持继电器K1、电阻R9、R10、R11、R12、R13、R14,MOS管MOS1;磁保持继电器K1为双端双掷开关,共有6个触点,其中两个触点接地作为开关的不动端,另两个触点悬空作为开关的第一动端,再两个触点作为开关的的第二动端,并联连接在电阻R13的一端,电阻R13的另一端分成两路,一路与电阻R14串联连接至载荷配电电源母线,另一路连接至MOS管的栅极;The power distribution output modules include magnetic latching relay K1, resistors R9, R10, R11, R12, R13, R14, MOS tube MOS1; the magnetic latching relay K1 is a double-ended double-throw switch, with a total of 6 contacts, of which two contacts The ground is used as the fixed end of the switch, the other two contacts are suspended as the first moving end of the switch, and the other two contacts are used as the second moving end of the switch, which are connected in parallel to one end of the resistor R13, and the other end of the resistor R13 is divided into Two circuits, one is connected in series with the resistor R14 to the load distribution power bus, and the other is connected to the gate of the MOS tube;
第一指令驱动模块和第二指令驱动模块的输入端都连接融合后的配电指令信号;第一指令驱动模块的输出端连接功率恒定通道断电信号端;第二指令驱动模块的输出端连接功率恒定通道加电信号端;The input terminals of the first command driving module and the second command driving module are both connected to the power distribution command signal after fusion; the output terminal of the first command driving module is connected to the power-off signal terminal of the constant power channel; the output terminal of the second command driving module is connected to Constant power channel power-on signal terminal;
第一配电输出模块和第二配电输出模块的MOS管的漏极连接功率恒定通道母线;第一配电输出模块和第二配电输出模块的磁保持继电器K1第一线包的一端连接功率恒定通道的断电信号,另一端通过并联的电阻R9和R10连接至设备二次电源正母线,磁保持继电器K1第二线包一端连接功率恒定通道加电信号,另一端通过并联的电阻R11和R12连接至设备二次电源正母线;The drains of the MOS tubes of the first power distribution output module and the second power distribution output module are connected to the constant power channel bus; the first power distribution output module and the second power distribution output module are connected to one end of the first wire package of the magnetic latching relay K1 The power-off signal of the constant power channel, the other end is connected to the positive busbar of the secondary power supply of the device through the parallel resistors R9 and R10. R12 is connected to the positive busbar of the secondary power supply of the equipment;
配电输出模块还包括电容C1、配电输出,电容C1和电容配电输出串联连接,跨接在载荷配电电源母线与MOS管的栅极之间。The power distribution output module also includes a capacitor C1 and a power distribution output. The capacitor C1 and the capacitor power distribution output are connected in series and connected across the load distribution power bus and the grid of the MOS tube.
所述配电输出模块还包括二级管V5、V6、V7、V8,所述二级管V5、V6跨接在第一配电输出模块磁保持继电器第一线包两端;所述二级管V7、V8跨接在第二配电输出模块磁保持继电器第二线包两端。The power distribution output module further includes diodes V5, V6, V7, and V8, and the diodes V5 and V6 are connected across the two ends of the first wire package of the magnetic latching relay of the first power distribution output module; The tubes V7 and V8 are connected across the two ends of the second wire package of the magnetic latching relay of the second power distribution output module.
所述功率恒定配电管理模块包括:The constant power distribution management module includes:
八个指令驱动模块,记为:第一指令驱动模块、第二指令驱动模块、第三指令驱动模块、第四指令驱动模块、第五指令驱动模块、第六指令驱动模块、第七指令驱动模块、第八指令驱动模块;Eight command driving modules, denoted as: the first command driving module, the second command driving module, the third command driving module, the fourth command driving module, the fifth command driving module, the sixth command driving module, the seventh command driving module , the eighth command drive module;
四个指令保持模块,第一指令保持模块、第二指令保持模块、第三指令保持模块、第四指令保持模块;Four command holding modules, a first command holding module, a second command holding module, a third command holding module, and a fourth command holding module;
八个配电输出模块,第一配电输出模块、第二配电输出模块、第三配电输出模块、第四配电输出模块、第五配电输出模块、第六配电输出模块、第七配电输出模块、第八配电输出模块;Eight distribution output modules, the first distribution output module, the second distribution output module, the third distribution output module, the fourth distribution output module, the fifth distribution output module, the sixth distribution output module, the Seven power distribution output modules, eighth power distribution output modules;
指令驱动模块,包括电阻R21、R22、三极管V21,电阻R21的一端为指令驱动模块的输入端,另一端连接三极管V21的基极,电阻R22跨接在三极管V21的基极和发射极之间,三极管V1的发射极接地,三极管V21的集电极为指令驱动模块的输出端;The command drive module includes resistors R21, R22, and a transistor V21. One end of the resistor R21 is the input end of the command drive module, and the other end is connected to the base of the transistor V21. The resistor R22 is connected across the base and the emitter of the transistor V21. The emitter of the triode V1 is grounded, and the collector of the triode V21 is the output end of the command drive module;
指令保持模块,包括磁保持继电器K3,二级管V31、V32、V33、V34,电阻R41、R42、R43、R44,所述二级管V31、V32跨接在磁保持继电器K3第一线包两端;所述二级管V33、V34跨接在磁保持继电器K3第二线包两端。磁保持继电器K3第一线包的一端连接第一输入信号,另一端通过并联的电阻R41和R42连接至设备二次电源正母线,磁保持继电器K3第二线包一端连接第二输入信号,另一端通过并联的电阻R43和R44连接至设备二次电源正母线;磁保持继电器K3为双端双掷开关,共有6个触点,其中两个触点接地作为开关的不动端,另两个触点悬空作为开关的第一动端,再两个触点作为开关的的第二动端,并联连接至指令保持输出端;The command hold module includes a magnetic latching relay K3, diodes V31, V32, V33, V34, and resistors R41, R42, R43, R44, and the diodes V31 and V32 are connected across the first wire pack of the magnetic latching relay K3. The diodes V33 and V34 are connected across the two ends of the second wire package of the magnetic latching relay K3. One end of the first wire package of the magnetic latching relay K3 is connected to the first input signal, and the other end is connected to the positive busbar of the secondary power supply of the device through the parallel resistors R41 and R42. One end of the second wire package of the magnetic latching relay K3 is connected to the second input signal, and the other end is connected to the second input signal It is connected to the positive busbar of the secondary power supply of the equipment through the parallel resistors R43 and R44; the magnetic latching relay K3 is a double-ended double-throw switch, with a total of 6 contacts, of which two contacts are grounded as the fixed end of the switch, and the other two contacts The floating point is used as the first moving terminal of the switch, and the two contacts are used as the second moving terminal of the switch, which are connected in parallel to the command holding output terminal;
配电输出模块均包括电阻R49、R50,电容C11、C12,MOS管MOS11;电阻R49的一端连接在配电指令输入端,电阻R50的另一端分成两路,一路与电阻R49串联连接至MOS11的源极,另一路连接至MOS11的栅极,电容C11和C12串联后跨接在R49的两端;The power distribution output modules include resistors R49, R50, capacitors C11, C12, and MOS tube MOS11; one end of the resistor R49 is connected to the power distribution command input terminal, and the other end of the resistor R50 is divided into two circuits, one of which is connected in series with the resistor R49 to the MOS11 The source, the other way is connected to the gate of MOS11, and the capacitors C11 and C12 are connected in series across the two ends of R49;
第一指令驱动模块、第二指令驱动模块、第三指令驱动模块、第四指令驱动模块、第五指令驱动模块、第六指令驱动模块、第七指令驱动模块、第八指令驱动模块的三极管集电极输出端分别为功率非恒定通道第一断电信号、功率非恒定通道第二断电信号、功率非恒定通道第三断电信号、功率非恒定通道第四断电信号、功率非恒定通道第一加电信号、功率非恒定通道第二加电信号、功率非恒定通道第三加电信号、功率非恒定通道第三加电信号;The transistor set of the first command driving module, the second command driving module, the third command driving module, the fourth command driving module, the fifth command driving module, the sixth command driving module, the seventh command driving module and the eighth command driving module The output terminals of the electrodes are the first power-off signal of the non-constant power channel, the second power-off signal of the non-constant power channel, the third power-off signal of the non-constant power channel, the fourth power-off signal of the non-constant power channel, and the first power-off signal of the non-constant power channel. A power-on signal, a second power-on signal for a non-constant power channel, a third power-on signal for a non-constant power channel, and a third power-on signal for a non-constant power channel;
第一指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第一断电信号和功率非恒定通道第一加电信号;The first input terminal and the second input terminal of the first command holding module are respectively connected to the first power-off signal of the non-constant power channel and the first power-on signal of the non-constant power channel;
第二指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第二断电信号和功率非恒定通道第二加电信号;The first input end and the second input end of the second instruction holding module are respectively connected to the second power-off signal of the non-constant power channel and the second power-on signal of the non-constant power channel;
第三指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第三断电信号和功率非恒定通道第三加电信号;The first input terminal and the second input terminal of the third instruction holding module are respectively connected to the third power-off signal of the non-constant power channel and the third power-on signal of the non-constant power channel;
第四指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第四断电信号和功率非恒定通道第四加电信号;The first input terminal and the second input terminal of the fourth instruction holding module are respectively connected to the fourth power-off signal of the non-constant power channel and the fourth power-on signal of the non-constant power channel;
第一指令保持模块的指令保持输出端端连接第一配电输出模块和第二配电输出模块的配电指令输入端;The command holding output terminal of the first command holding module is connected to the power distribution command input terminals of the first power distribution output module and the second power distribution output module;
第二指令保持模块的指令保持输出端连接第三配电输出模块和第四配电输出模块的配电指令输入端;The command holding output terminal of the second command holding module is connected to the power distribution command input terminals of the third power distribution output module and the fourth power distribution output module;
第三指令保持模块的指令保持输出端连接第五配电输出模块和第六配电输出模块的配电指令输入端;The command holding output terminal of the third command holding module is connected to the power distribution command input terminals of the fifth power distribution output module and the sixth power distribution output module;
第四指令保持模块的指令保持输出端连接第七配电输出模块和第八配电输出模块的配电指令输入端。The command holding output terminal of the fourth command holding module is connected to the power distribution command input terminals of the seventh power distribution output module and the eighth power distribution output module.
第一配电输出模块中的MOS管源极连接载荷配电电源母线,MOS管漏极连接第三配电模块中的MOS管源极;The source of the MOS tube in the first power distribution output module is connected to the load distribution power bus, and the drain of the MOS tube is connected to the source of the MOS tube in the third power distribution module;
第二配电输出模块中的MOS管源极连接载荷配电电源母线,MOS管漏极连接第四配电模块中的MOS管源极;The source of the MOS tube in the second power distribution output module is connected to the load distribution power bus, and the drain of the MOS tube is connected to the source of the MOS tube in the fourth power distribution module;
第五配电输出模块中的MOS管源极连接载荷配电电源母线,MOS管漏极连接第七配电模块中的MOS管源极;The source of the MOS tube in the fifth power distribution output module is connected to the load distribution power bus, and the drain of the MOS tube is connected to the source of the MOS tube in the seventh power distribution module;
第六配电输出模块中的MOS管源极连接载荷配电电源母线,MOS管漏极连接第八配电模块中的MOS管源极。The source of the MOS tube in the sixth power distribution output module is connected to the load distribution power bus, and the drain of the MOS tube is connected to the source of the MOS tube in the eighth power distribution module.
本发明与现有技术相比有益效果为:Compared with the prior art, the present invention has the following beneficial effects:
(1)、当备机通过回采确认状态后,方能完成当班机切换,使得主备切换过程不会对在轨飞行器的时序流程和接收指令造成影响;(1) When the standby aircraft confirms the status through the retrieval, the current flight switching can be completed, so that the main-standby switching process will not affect the timing process and receiving instructions of the on-orbit aircraft;
(2)、通过硬件单路的冗余设计,任一指令驱动电路或MOS管失效均不会影响指令执行效果,避免因为单粒子反转等因素导致指令执行失败;(2) Through the redundant design of hardware single channel, the failure of any command drive circuit or MOS tube will not affect the command execution effect, avoiding the failure of command execution due to factors such as single event inversion;
(3)若当班机因偶发故障导致指令未正常执行,可根据回采状态确认执行失败后,由非当班机补发一次指令,提升可靠性;(3) If the command is not executed normally due to an accidental failure on the current flight, after confirming the execution failure according to the recovery status, the non-on-duty flight will reissue the command once to improve reliability;
(4)、本发明切换策略通过CPU中的软件实现,不需要增加额外的硬件成本;(4), the switching strategy of the present invention is realized by the software in the CPU, and does not need to increase the extra hardware cost;
(5)、本发明切机后若确认主机失效则断开电源,节约电池电量。(5) The present invention disconnects the power supply if it is confirmed that the host machine fails after the machine is switched off, thereby saving battery power.
(6)、本发明可应用于电气设备,尤其是在轨飞行器电子设备的冗余备份设计,具备灵活性强、可靠性强的特点,有利于在轨飞行器更好的执行空间试验任务。(6) The present invention can be applied to electrical equipment, especially the redundant backup design of electronic equipment of on-orbit aircraft.
附图说明Description of drawings
图1为本发明实施例双机冗余的工作流程;Fig. 1 is the workflow of dual-machine redundancy according to an embodiment of the present invention;
图2为本发明实施例系统功能框图;2 is a functional block diagram of a system according to an embodiment of the present invention;
图3为本发明实施例指令解析电路;3 is an instruction parsing circuit according to an embodiment of the present invention;
图4为本发明实施例功率恒定供电通道冗余电路;FIG. 4 is a redundant circuit of a constant power supply channel according to an embodiment of the present invention;
图5为本发明实施例功率非恒定供电通道冗余电路;FIG. 5 is a redundant circuit of a power supply channel with non-constant power according to an embodiment of the present invention;
图6为本发明实施例遥控指令接收模块电路。FIG. 6 is a circuit of a remote control command receiving module according to an embodiment of the present invention.
具体实施方式Detailed ways
以下结合附图和具体实施例对本发明进行详细描述。The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
本发明提供了一种抗单粒子辐照的平滑切换双机冗余配电系统,该系统包括主机、备机和载荷供配电模块。The invention provides a smooth switching dual-machine redundant power distribution system resistant to single particle irradiation, the system includes a main machine, a backup machine and a load power supply and distribution module.
如图1所示,该系统具备下列特点:As shown in Figure 1, the system has the following characteristics:
(1)、主机和备机互为当班机和非当班机,当班机和非当班机将自身的健康状态和当前工作状态发送给对方,确保非当班机和当班机知悉对方的当前工作状态;所述健康状态包括心跳信号、复位信号、供电电压;所述工作状态包括系统时间、最新外部指令、最近的外部指令执行后的状态。(1) The main engine and the standby machine are each other's on-duty and non-on-duty planes, and the on-duty and non-on-duty planes send their health status and current working status to each other to ensure that the off-duty plane and the on-duty plane know each other's current working status; The health state includes a heartbeat signal, a reset signal, and a power supply voltage; the working state includes system time, the latest external command, and the state after the latest external command is executed.
(2)、当班机根据预设的时序或者接收外部输入的配电指令输出配电控制信号至载荷供配电模块,控制载荷供配电的通断,并回采载荷供配电模块输出端的母线电压,根据回采结果,判断配电指令是否正确执行,当指令未正确执行时,则由当班机将该配电指令经内部串口发送至非当班机,并暂时启用非当班机的输出控制功能,由非当班机补充执行一次该配电指令。(2) When the flight is in accordance with the preset sequence or receives the power distribution command input from the outside, it outputs the power distribution control signal to the load power supply and distribution module, controls the on-off of the load power supply and distribution, and retrieves the busbar at the output end of the load power supply and distribution module. voltage, according to the retrieval result, determine whether the power distribution command is executed correctly, when the command is not executed correctly, the power distribution command will be sent to the non-on-duty aircraft through the internal serial port by the on-duty aircraft, and the output control function of the non-on-duty aircraft will be temporarily enabled. The power distribution instruction is supplemented by an off-duty flight.
(3)、非当班机只接收当班机健康状态和工作状态信息,不接收外部指令;(3) The non-on-duty flight only receives the health status and working status information of the on-duty flight, and does not receive external instructions;
(4)、非当班机实时监测当班机健康状态,当非当班机检测到当班机连续N次狗咬或供电电压低于4.4V时,判定当班机异常,当非当班机检测到当班机异常时,根据之前保存的当班机最新正常工作状态,开启自身的输出控制与接收外部指令功能,按照预设流程或外部指令,执行后续的配电操作,并回采操作结果,当回采操作结果执行正确时,控制原当班机重新上电复位,原当班机上电复位后默认为非当班机状态,禁用输出控制与指令接收功能,完成切机操作。(4) Real-time monitoring of the health status of the non-duty flight. When the non-duty flight detects N consecutive dog bites or the power supply voltage is lower than 4.4V, it is determined that the current flight is abnormal. When the non-duty flight detects that the current flight is abnormal At this time, according to the latest normal working status of the flight that was saved before, it will open its own output control and receive external command functions, execute subsequent power distribution operations according to the preset process or external commands, and retrieve the operation results. When the retrieval operation results are executed correctly When the power on the original flight is reset, the original flight will default to the non-on-duty state after power-on reset, and the output control and command receiving functions will be disabled to complete the machine switching operation.
(5)当班机实时监测非当班机的健康状态,当非当班机连续出现N次以上狗咬复位时,当班机向非当班机发送上电复位信号;若复位后再次出现N次狗咬,则当班机控制非当班机电源断电,停止工作。(5) When the flight monitors the health status of the non-operating flight in real time, when the non-operating flight has more than N consecutive dog bites and resets, the flight will send a power-on reset signal to the non-operating flight; if there are N dog bites again after the reset, Then when the flight controls the non-duty flight, the power supply is cut off and stops working.
如图2所示,主机和备机完全相同,包括中央处理控制器、遥控指令接收接口模块、双机交互接口模块、配电状态采集电路、配电指令解析电路、电源变换控制模块;As shown in Figure 2, the main machine and the standby machine are exactly the same, including the central processing controller, the remote control command receiving interface module, the dual-machine interaction interface module, the power distribution state acquisition circuit, the power distribution command parsing circuit, and the power conversion control module;
中央处理控制器,实时地将自身的健康状态和当前工作状态发送至双机交互接口模块,将双机交互接口模块接收的备机或者主机的健康状态和当前工作状态保存,并检测备机或者主机运行是否正常;若非当班机出现异常,则由当班机控制非当班机重启,重启再次累积连续N次狗咬,则将非当班机断电;若当班机出现异常,则开启非当班机的输出控制功能,将原当班机重启,重启后禁用输出控制功能,完成双机切换,若原当班机重启再次累积连续N次狗咬,则由新当班机控制其断电;The central processing controller sends its own health status and current working status to the dual-machine interactive interface module in real time, saves the health status and current working status of the standby machine or host received by the dual-machine interactive interface module, and detects the standby machine or Whether the main engine is running normally; if the non-duty flight is abnormal, the non-duty flight will be controlled by the non-duty flight to restart, and the restart will accumulate N consecutive dog bites again, and the non-duty flight will be powered off; if the non-duty flight is abnormal, the non-duty flight will be turned on Output control function, restart the original flight, disable the output control function after restarting, complete the dual-machine switching, if the original flight restarts and accumulates N consecutive dog bites again, the new flight will control its power off;
当班机模式下,根据预设时序生成配电指令或者接收遥控指令接收接口模块输入的配电指令,输出配电选通指令和对应通路的加电或断电驱动指令至载荷供配电模块;根据信号采集模块回采的配电结果,判断配电指令是否正确执行,如果配电指令未正确执行时,则将该配电指令发送至交互接口模块;控制非当班机遥控指令接收接口模块使能信号为“无效”状态,使得非当班机不接收外部输入的配电指令;In flight mode, generate power distribution instructions according to the preset sequence or receive remote control instructions, receive power distribution instructions input from the interface module, and output power distribution gating instructions and corresponding channel power-on or power-off drive instructions to the load power supply and distribution module; According to the power distribution result retrieved by the signal acquisition module, it is judged whether the power distribution command is correctly executed. If the power distribution command is not executed correctly, the power distribution command is sent to the interactive interface module; The signal is in the "inactive" state, so that the off-duty aircraft does not receive the power distribution command input from the outside;
非当班机模式下,接收交互接口模块发送的配电指令,根据该配电指令输出配电选通指令和对应通路的加电或断电驱动指令至载荷供配电模块;当检测到当班机运行异常时,启用非当班机自身的输出控制功能与外部指令接收接口,读取保存的当班机最新正常工作状态,按照该正常工作状态之后的时序,继续生成配电指令或者接收遥控指令接收接口模块输入的配电指令,输出配电选通指令至载荷供配电模块,根据信号采集模块回采的配电结果,判断配电指令是否正确执行,如果配电指令正确执行,则将切换为当班机工作模式,并向原当班机的电源交换控制器发送重启指令;In the off-duty mode, receive the power distribution instruction sent by the interactive interface module, and output the power distribution gating instruction and the power-on or power-off drive instruction of the corresponding channel to the load power supply and distribution module according to the power distribution instruction; When the operation is abnormal, enable the output control function of the non-on-duty aircraft and the external command receiving interface, read the saved latest normal working state of the on-duty aircraft, and continue to generate power distribution commands or receive remote control commands according to the sequence after the normal working state. The power distribution command input by the module outputs the power distribution gating command to the load power supply and distribution module, and judges whether the power distribution command is executed correctly according to the power distribution result retrieved by the signal acquisition module. flight working mode, and send a restart command to the power exchange controller of the original flight;
遥控指令接收接口模块,在使能信号的控制下,当使能信号“有效”时,接收外部输入的配电指令,并输出配电指令给中央处理控制器,当使能信号“无效”时,不接受外部输入的配电指令,不输出配电指令至中央处理控制器;The remote control command receiving interface module, under the control of the enable signal, when the enable signal is "valid", receives the power distribution command input from the outside, and outputs the power distribution command to the central processing controller, when the enable signal is "invalid" , does not accept externally input power distribution instructions, and does not output power distribution instructions to the central processing controller;
信号采集模块,采集载荷供配电模块输出端各载荷的母线电压,并发送给中央处理控制器;The signal acquisition module collects the bus voltage of each load at the output end of the load power supply and distribution module, and sends it to the central processing controller;
配电指令解析电路,将中央处理控制器发出的配电选通指令译码,选择对应通路的加电或断电驱动指令输出;对于仅需要确保接通的功率恒定配电通道,产生一对互补的加电与断电指令;对于接通和断开可靠性均有较高要求的功率恒定配电通道,共产生四对互补的加电与断电指令。The power distribution command parsing circuit decodes the power distribution gating command issued by the central processing controller, and selects the power-on or power-off drive command output of the corresponding channel; for the power distribution channel that only needs to be ensured to be connected, a pair of Complementary power-on and power-off commands; four pairs of complementary power-on and power-off commands are generated for the constant-power power distribution channel that has high requirements for on and off reliability.
电源交换控制器,将外部输入的供配电信号进行电源转换,得到所需的二次电源电压,为对方的中央处理控制器供电,同时,接收对方中央处理控制器的控制信号,将本机重启或者断电。The power exchange controller converts the power supply and distribution signal input from the outside, obtains the required secondary power supply voltage, and supplies power to the central processing controller of the other party. reboot or power off.
复位电路,上电后产生复位信号,控制中央处理控制器复位;接受中央处理控制器输出的“喂狗”操作,预设的时间内未收到中央处理控制器输出的“喂狗”操作,则产生复位信号,控制中央处理控制器复位。The reset circuit generates a reset signal after power-on to control the reset of the central processing controller; accepts the "feed the dog" operation output by the central processing controller, and does not receive the "feed the dog" output from the central processing controller within the preset time, Then a reset signal is generated to control the reset of the central processing controller.
实施例:Example:
下面以在轨飞行器的双冗余配电系统为例,对本发明进行详细说明。The present invention will be described in detail below by taking a dual redundant power distribution system of an on-orbit aircraft as an example.
在轨飞行器的双冗余配电系统可根据自身时序或通过422串口接收地面经由天基测控发送的指令,来实现对功率恒定配电通道的接通控制,以及对功率非恒定配电通道的通断控制。The dual-redundant power distribution system of the on-orbit aircraft can receive commands sent from the ground via space-based measurement and control according to its own sequence or through the 422 serial port, so as to realize the switch-on control of the constant power distribution channel and the control of the power distribution channel with non-constant power. On-off control.
如图2所示,双冗余配电系统包括中央处理控制模块(包含主备两套的CPU处理电路与复位电路)、载荷供配电模块(包含主备两套的配电指令解析电路、功率恒定供配电电路和功率非恒定配电电路)以及遥控指令接收模块(包括主备两套)。As shown in Figure 2, the dual redundant power distribution system includes a central processing control module (including two sets of main and standby CPU processing circuits and reset circuits), a load power supply and distribution module (including two sets of main and standby power distribution instruction parsing circuits, Power constant power supply and distribution circuit and power non-constant power distribution circuit) and remote control command receiving module (including two sets of main and standby).
1.中央处理控制模块设计:1. Central processing control module design:
1.1CPU电路1.1 CPU circuit
当班机与非当班机各采用一个80C32型号的单片机,内置中央处理单元、128字节内部数据存储RAM、32个双向输入/输出I/O口、2个16位定时/计数器和5个两级中断结构,一个全双工串行通信口,片内时钟振荡电路。One 80C32 single-chip microcomputer is used for the on-the-fly and non-on-flight flights, with a built-in central processing unit, 128 bytes of internal data storage RAM, 32 bidirectional input/output I/O ports, 2 16-bit timers/counters and 5 two-stage Interrupt structure, a full-duplex serial communication port, on-chip clock oscillator circuit.
当班机的CPU与非当班机CPU间通过内部的RS422串口,交互心跳信号、复位信号、供电电压等健康状态信息以及系统时间、最新外部指令等工作状态信息。Through the internal RS422 serial port, the CPU on the flight and the CPU on the off-duty exchange exchange health status information such as heartbeat signal, reset signal, power supply voltage, and working status information such as system time and the latest external command.
1.2复位电路设计1.2 Reset circuit design
设备复位电路由初始上电复位电路、“看门狗”复位和重启复位电路组成。The device reset circuit consists of an initial power-on reset circuit, a "watchdog" reset, and a restart reset circuit.
i.初始上电复位电路i. Initial power-on reset circuit
为保证设备上电后CPU具有稳定的初始状态,同时保证振荡器进入稳定状态后软件开始运行,必须有上电复位电路,设计时采用常用的RC充电电路加施密特反相器实现。In order to ensure that the CPU has a stable initial state after the device is powered on, and at the same time to ensure that the software starts to run after the oscillator enters a stable state, a power-on reset circuit must be provided. The commonly used RC charging circuit plus a Schmitt inverter is used in the design.
ii.看门狗复位电路ii. Watchdog reset circuit
“看门狗”电路是定时器监测电路,采用二进制计数器54HC4060配置RC电路组成,计时与软件无关,时间常数清零由软件执行“喂狗”操作。若软件出现程序“跑飞”或“死机”,则无法执行“喂狗”操作,进而出现狗咬复位。若当班机记录非当班机的连续狗咬次数累积到4次,则判定对方出现故障,控制非当班机重启,重启后再次累积连续4次狗咬,则控制非当班机断电。;若非班机记录当班机的连续狗咬次数累积到4次,则判定对方出现故障,进入双机切换流程,切换完成后,将原当班机重启。若重启后再次累积连续4次狗咬,则将原当班机断电。The "watchdog" circuit is a timer monitoring circuit, which is composed of a binary counter 54HC4060 configured with an RC circuit. The timing has nothing to do with the software. The time constant is cleared by the software to perform the "feeding the dog" operation. If the program "runs away" or "crash" appears in the software, the "feed the dog" operation cannot be performed, and the dog bite reset occurs. If the number of consecutive dog bites recorded by the on-duty flight has accumulated to 4 times, it will be determined that the other party is faulty, and the off-duty plane will be controlled to restart. ; If the number of consecutive dog bites on the flight that is not recorded by the flight has accumulated to 4 times, it is determined that the other party has a fault, and the dual-machine switching process is entered. After the switching is completed, the original flight will be restarted. If 4 consecutive dog bites are accumulated again after the restart, the original flight will be powered off.
iii.重启复位电路iii. Restart the reset circuit
重启复位电路选用MAX706实现,在设备上电过程中产生200ms的上电复位信号,使得80C32E系统能够有效复位。当连续出现四次狗咬后,则执行重启操作;同时该芯片具有电压监测功能,若当班机监测到电源电压低于约4.4V时,将该信息告知非当班机,作为进入双机切换流程的条件,待确认切换完成后,原当班机的MAX706的RESET管脚一直输出复位电平,实现断电。若非当班机监测到电源电压低于约4.4V时,则直接使MAX706的RESET管脚一直输出复位电平,实现断电。The restart reset circuit is implemented by MAX706, which generates a 200ms power-on reset signal during the power-on process of the device, so that the 80C32E system can be reset effectively. When the dog bites four times in a row, the restart operation is performed; at the same time, the chip has a voltage monitoring function. If the flight monitor detects that the power supply voltage is lower than about 4.4V, the information will be notified to the non-on-duty flight, as the process of entering the dual-machine switching process. After confirming that the switching is completed, the RESET pin of the MAX706 that was on the flight has been outputting the reset level to realize the power-off. Unless the flight monitor detects that the power supply voltage is lower than about 4.4V, the RESET pin of the MAX706 will directly output the reset level to achieve power-off.
2.载荷供配电模块设计2. Load power supply and distribution module design
2.1指令解析电路2.1 Instruction parsing circuit
主机指令解析电路通过主机CPU产生的输入地址线A_A0~A_A3,数据线A_D0~A_D7,板选信号A_CS_PD*,写信号A_WR*。将地址线送入3-8译码器,产生锁存器的选通信号A_SEL1~A_SEL5,然后由锁存器产生配电模块的驱动指令。The host command parsing circuit generates the input address lines A_A0 to A_A3, the data lines A_D0 to A_D7, the board selection signal A_CS_PD*, and the write signal A_WR* generated by the host CPU. The address line is sent to the 3-8 decoder to generate the strobe signals A_SEL1 to A_SEL5 of the latch, and then the drive command of the power distribution module is generated by the latch.
备机指令解析电路通过输入地址线B_A0~B_A3,数据线B_D0~B_D7,板选信号B_CS_PD*,写信号B_WR*。将地址线送入3-8译码器,产生锁存器的选通信号B_SEL1~B_SEL5,然后由锁存器产生配电模块的驱动指令。不同的选通信号用于选择不同的锁存器,产生不同的驱动指令。The standby machine instruction parsing circuit inputs address lines B_A0~B_A3, data lines B_D0~B_D7, board selection signal B_CS_PD*, and write signal B_WR*. The address line is sent to the 3-8 decoder to generate the strobe signals B_SEL1 to B_SEL5 of the latch, and then the drive command of the power distribution module is generated by the latch. Different strobe signals are used to select different latches and generate different drive commands.
当班机与非当班机的驱动指令并联后得到最终的驱动指令(即图3中的cmd1~cmd6),正常状态下,由于非当班机的CPU为非使能状态,非当班机的指令解析电路不工作,驱动指令由当班机决定。当主机检测到发出的指令未执行时,则由非当班机暂时开启自身的输出控制功能,由非当班机的指令解析电路产生驱动指令,实现指令补发。When the driving commands of the flight and the non-on-duty aircraft are connected in parallel, the final driving command (ie, cmd1 to cmd6 in Figure 3) is obtained. Under normal conditions, since the non-on-duty aircraft's CPU is disabled, the non-on-duty aircraft's instruction parsing circuit Not working, the drive order is determined by the flight. When the host detects that the command issued is not executed, the non-on-duty aircraft temporarily turns on its own output control function, and the non-on-duty aircraft's command parsing circuit generates the driving command to realize the command reissue.
2.2功率恒定供配电管理模块2.2 Constant power supply and distribution management module
功率恒定供配电管理模块为载荷提供恒定小功率的供电输出,需要确保其接通可靠性。主备机共用同一套供配电电路,由两个MOS管并联控制。对上述的驱动指令经三极管放大驱动后作为供配电电路的控制电平,控制电平由磁保持继电器锁存状态,即使二次电源或者CPU故障,也可保持此前的状态。The constant power supply and distribution management module provides a constant low-power power supply output for the load, and needs to ensure its reliability. The main and standby machines share the same set of power supply and distribution circuits, which are controlled by two MOS tubes in parallel. The above drive command is amplified and driven by the triode as the control level of the power supply and distribution circuit, and the control level is latched by the magnetic latching relay. Even if the secondary power supply or CPU fails, the previous state can be maintained.
如图4所示,所述功率恒定配电管理模块包括:两个指令驱动模块,分别记为第一指令驱动模块和第二指令驱动模块,两个配电输出模块,分别记为第一配电输出模块和第二配电输出模块。As shown in FIG. 4 , the constant power distribution management module includes: two command drive modules, respectively denoted as a first command drive module and a second command drive module, and two power distribution output modules, respectively denoted as the first command drive module An electrical output module and a second power distribution output module.
指令驱动模块,包括电阻R1、R2、R3、R4,三极管V1、V2,电阻R1的一端为指令驱动模块的输入端,另一端连接三极管V1的基极,电阻R2跨接在三极管V1的基极和发射极之间,三极管V1的发射极接地,三极管V1的集电极为指令驱动模块的输出端;电阻R3的一端为指令驱动模块的输入端,另一端连接三极管V2的基极,电阻R4跨接在三极管V2的基极和发射极之间,三极管V2的发射极接地,三极管V2的集电极为指令驱动模块的输出端;Command drive module, including resistors R1, R2, R3, R4, transistors V1, V2, one end of the resistor R1 is the input end of the command drive module, the other end is connected to the base of the transistor V1, and the resistor R2 is connected across the base of the transistor V1 Between it and the emitter, the emitter of the transistor V1 is grounded, and the collector of the transistor V1 is the output end of the command drive module; one end of the resistor R3 is the input end of the command drive module, the other end is connected to the base of the transistor V2, and the resistor R4 is across the Connected between the base and the emitter of the triode V2, the emitter of the triode V2 is grounded, and the collector of the triode V2 is the output end of the command drive module;
配电输出模块包括磁保持继电器K1、电阻R9、R10、R11、R12、R13、R14,MOS管MOS1;磁保持继电器K1为双端双掷开关,共有6个触点,其中两个触点(4和9)接地作为开关的不动端,另两个触点悬空(2和8)作为开关的第一动端,再两个触点(3和7)作为开关的的第二动端,并联连接在电阻R13的一端,第一线包加电的时候,开关接到不动端,第二线包加电的时候,开关接到动端。电阻R13的另一端分成两路,一路与电阻R14串联连接至载荷配电电源母线(28v),另一路连接至MOS管的栅极。The power distribution output module includes magnetic latching relay K1, resistors R9, R10, R11, R12, R13, R14, MOS tube MOS1; the magnetic latching relay K1 is a double-ended double-throw switch, with a total of 6 contacts, two of which ( 4 and 9) grounding is used as the stationary end of the switch, the other two contacts are floating (2 and 8) as the first movable end of the switch, and the other two contacts (3 and 7) are used as the second movable end of the switch, It is connected in parallel at one end of the resistor R13. When the first wire package is powered on, the switch is connected to the stationary terminal, and when the second wire package is powered on, the switch is connected to the moving terminal. The other end of the resistor R13 is divided into two paths, one is connected in series with the resistor R14 to the load distribution power bus (28v), and the other is connected to the gate of the MOS tube.
第一指令驱动模块和第二指令驱动模块的输入端都连接融合后的配电指令信号;第一指令驱动模块的输出端连接功率恒定通道断电信号端;第二指令驱动模块的输出端连接功率恒定通道加电信号端。The input terminals of the first command driving module and the second command driving module are both connected to the power distribution command signal after fusion; the output terminal of the first command driving module is connected to the power-off signal terminal of the constant power channel; the output terminal of the second command driving module is connected to Constant power channel power-on signal terminal.
第一配电输出模块和第二配电输出模块的MOS管的漏极连接功率恒定通道母线;第一配电输出模块和第二配电输出模块的磁保持继电器K1第一线包的一端连接功率恒定通道的断电信号,另一端通过并联的电阻R9和R10连接至设备二次电源正母线(+12V),磁保持继电器K1第二线包一端连接功率恒定通道加电信号,另一端通过并联的电阻R11和R12连接至设备二次电源正母线(+12V)。The drains of the MOS tubes of the first power distribution output module and the second power distribution output module are connected to the constant power channel bus; the first power distribution output module and the second power distribution output module are connected to one end of the first wire package of the magnetic latching relay K1 The power-off signal of the constant power channel, the other end is connected to the positive busbar (+12V) of the secondary power supply of the device through the parallel resistors R9 and R10, the second wire package of the magnetic latching relay K1 is connected to the power-on signal of the constant power channel at one end, and the other end is connected in parallel The resistors R11 and R12 are connected to the device's secondary power positive bus (+12V).
配电输出模块还包括电容C1、配电输出,电容C1和电容配电输出串联连接,跨接在载荷配电电源母线(28v)与MOS管的栅极之间。The power distribution output module also includes a capacitor C1 and a power distribution output. The capacitor C1 and the capacitor power distribution output are connected in series and connected across the load distribution power bus (28v) and the gate of the MOS tube.
所述配电输出模块还包括二级管V5、V6、V7、V8,所述二级管V5、V6跨接在第一配电输出模块磁保持继电器第一线包两端;所述二级管V7、V8跨接在第二配电输出模块磁保持继电器第二线包两端;The power distribution output module further includes diodes V5, V6, V7, and V8, and the diodes V5 and V6 are connected across the two ends of the first wire package of the magnetic latching relay of the first power distribution output module; The tubes V7 and V8 are connected across the two ends of the second wire package of the magnetic latching relay of the second power distribution output module;
本模块中,指令驱动模块的输出端为cmd1、cmd2。当cmd1驱动指令为高时,三级管V1、V2导通,功率恒定A通道断电指令被拉到低电平,此时,磁保持继电器K1和K2中线包1两端加电,开关均为断开状态,此时供配电电路中的MOS1和MOS2的栅极电压VG为28V,MOS管为断开状态,功率恒定A通道母线不加电;当cmd2驱动指令为高时,三级管V3、V4导通,功率恒定A通道加电指令被拉到低电平,此时,磁保持继电器K1和K2中线包2两端加电,开关均为接通状态,此时供配电电路中的MOS1和MOS2的栅极电压VG为28V在R13/R14和R19/R20上的分压,MOS管为导通状态,功率恒定A通道母线加电。In this module, the output terminals of the command-driven module are cmd1 and cmd2. When the cmd1 drive command is high, the three-stage transistors V1 and V2 are turned on, and the constant power A channel power-off command is pulled to a low level. In the off state, the gate voltage V G of MOS1 and MOS2 in the power supply and distribution circuit is 28V, the MOS tube is in the off state, and the power constant A channel bus is not powered; when the cmd2 drive command is high, the three The stage tubes V3 and V4 are turned on, and the power-on command of the constant power channel A is pulled to a low level. At this time, the magnetic latching relays K1 and K2 are powered on both ends of the
供配电电路中用于驱动指令隔离放大的三极管、磁保持继电器,用于母线供电的分压电阻、滤波电容、MOS管等,均为冗余设计,消除了单点风险。In the power supply and distribution circuit, the transistors and magnetic latching relays used for driving command isolation and amplification, and the voltage divider resistors, filter capacitors, and MOS tubes used for bus power supply are all redundant designs, eliminating single-point risks.
2.3功率非恒定供配电管理模块2.3 Power non-constant power supply and distribution management module
功率非恒定供配电管理模块根据需求为载荷提供变化功率的供电,在全飞行过程中经历多次开关,需要同时考虑接通和断开的可靠性。在功率恒定供配电管理模块的基础上,通过以下途径提高通道可靠性。The power non-constant power supply and distribution management module provides power supply with variable power to the load according to the demand. It has experienced multiple switches during the whole flight process, and the reliability of switching on and off needs to be considered at the same time. Based on the constant power supply and distribution management module, the channel reliability is improved through the following approaches.
对于加电或断电指令,指令解析电路各输出四条指令,如图5,通过光耦隔离、放大三极管和磁保持继电器后,驱动最终输出的四对串并联MOS管(共八个)。For power-on or power-off commands, the command parsing circuit outputs four commands each, as shown in Figure 5. After the optocoupler isolation, amplification triode and magnetic latching relay, the final output of four pairs of series-parallel MOS tubes (eight in total) is driven.
如图5所示,所述功率非恒定配电管理模块包括:As shown in Figure 5, the power non-constant power distribution management module includes:
八个指令驱动模块,记为:第一指令驱动模块、第二指令驱动模块、第三指令驱动模块、第四指令驱动模块、第五指令驱动模块、第六指令驱动模块、第七指令驱动模块、第八指令驱动模块;Eight command driving modules, denoted as: the first command driving module, the second command driving module, the third command driving module, the fourth command driving module, the fifth command driving module, the sixth command driving module, the seventh command driving module , the eighth command drive module;
四个指令保持模块,第一指令保持模块、第二指令保持模块、第三指令保持模块、第四指令保持模块;Four command holding modules, a first command holding module, a second command holding module, a third command holding module, and a fourth command holding module;
八个配电输出模块,第一配电输出模块、第二配电输出模块、第三配电输出模块、第四配电输出模块、第五配电输出模块、第六配电输出模块、第七配电输出模块、第八配电输出模块;Eight distribution output modules, the first distribution output module, the second distribution output module, the third distribution output module, the fourth distribution output module, the fifth distribution output module, the sixth distribution output module, the Seven power distribution output modules, eighth power distribution output modules;
指令驱动模块,包括电阻R21、R22、三极管V21,电阻R21的一端为指令驱动模块的输入端,另一端连接三极管V21的基极,电阻R22跨接在三极管V21的基极和发射极之间,三极管V1的发射极接地,三极管V21的集电极为指令驱动模块的输出端;The command drive module includes resistors R21, R22, and a transistor V21. One end of the resistor R21 is the input end of the command drive module, and the other end is connected to the base of the transistor V21. The resistor R22 is connected across the base and the emitter of the transistor V21. The emitter of the triode V1 is grounded, and the collector of the triode V21 is the output end of the command drive module;
指令保持模块,包括磁保持继电器K3,二级管V31、V32、V33、V34,电阻R41、R42、R43、R44,所述二级管V31、V32跨接在磁保持继电器K3第一线包两端;所述二级管V33、V34跨接在磁保持继电器K3第二线包两端。磁保持继电器K3第一线包的一端连接第一输入信号,另一端通过并联的电阻R41和R42连接至设备二次电源正母线,磁保持继电器K3第二线包一端连接第二输入信号,另一端通过并联的电阻R43和R44连接至设备二次电源正母线(+12V);磁保持继电器K3的开关为双端双掷开关,共有6个触点,其中两个触点接地,两个触点作为不动端触点悬空,两个触点作为动端并联连接至指令保持输出端。The command hold module includes a magnetic latching relay K3, diodes V31, V32, V33, V34, and resistors R41, R42, R43, R44, and the diodes V31 and V32 are connected across the first wire pack of the magnetic latching relay K3. The diodes V33 and V34 are connected across the two ends of the second wire package of the magnetic latching relay K3. One end of the first wire package of the magnetic latching relay K3 is connected to the first input signal, and the other end is connected to the positive busbar of the secondary power supply of the device through the parallel resistors R41 and R42. One end of the second wire package of the magnetic latching relay K3 is connected to the second input signal, and the other end is connected to the second input signal Connect to the positive busbar (+12V) of the secondary power supply of the device through the parallel resistors R43 and R44; the switch of the magnetic latching relay K3 is a double-ended double-throw switch, with a total of 6 contacts, two of which are grounded and two contacts As the fixed terminal contact is floating, the two contacts are connected in parallel to the command holding output terminal as the moving terminal.
配电输出模块均包括电阻R49、R50,电容C11、C12,MOS管MOS11;电阻R49的一端连接在配电指令输入端,电阻R50的另一端分成两路,一路与电阻R49串联连接至MOS11的源极,另一路连接至MOS11的栅极,电容C11和C12串联后跨接在R49的两端;The power distribution output modules include resistors R49, R50, capacitors C11, C12, and MOS tube MOS11; one end of the resistor R49 is connected to the power distribution command input terminal, and the other end of the resistor R50 is divided into two circuits, one of which is connected in series with the resistor R49 to the MOS11 The source, the other way is connected to the gate of MOS11, and the capacitors C11 and C12 are connected in series across the two ends of R49;
第一指令驱动模块、第二指令驱动模块、第三指令驱动模块、第四指令驱动模块、第五指令驱动模块、第六指令驱动模块、第七指令驱动模块、第八指令驱动模块的三极管集电极输出端分别为功率非恒定通道第一断电信号、功率非恒定通道第二断电信号、功率非恒定通道第三断电信号、功率非恒定通道第四断电信号、功率非恒定通道第一加电信号、功率非恒定通道第二加电信号、功率非恒定通道第三加电信号、功率非恒定通道第三加电信号;The transistor set of the first command driving module, the second command driving module, the third command driving module, the fourth command driving module, the fifth command driving module, the sixth command driving module, the seventh command driving module and the eighth command driving module The output terminals of the electrodes are the first power-off signal of the non-constant power channel, the second power-off signal of the non-constant power channel, the third power-off signal of the non-constant power channel, the fourth power-off signal of the non-constant power channel, and the first power-off signal of the non-constant power channel. A power-on signal, a second power-on signal for a non-constant power channel, a third power-on signal for a non-constant power channel, and a third power-on signal for a non-constant power channel;
第一指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第一断电信号和功率非恒定通道第一加电信号;The first input terminal and the second input terminal of the first command holding module are respectively connected to the first power-off signal of the non-constant power channel and the first power-on signal of the non-constant power channel;
第二指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第二断电信号和功率非恒定通道第二加电信号;The first input end and the second input end of the second instruction holding module are respectively connected to the second power-off signal of the non-constant power channel and the second power-on signal of the non-constant power channel;
第三指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第三断电信号和功率非恒定通道第三加电信号;The first input terminal and the second input terminal of the third instruction holding module are respectively connected to the third power-off signal of the non-constant power channel and the third power-on signal of the non-constant power channel;
第四指令保持模块的第一输入端和第二输入端分别连接功率非恒定通道第四断电信号和功率非恒定通道第四加电信号;The first input terminal and the second input terminal of the fourth instruction holding module are respectively connected to the fourth power-off signal of the non-constant power channel and the fourth power-on signal of the non-constant power channel;
第一指令保持模块的指令保持输出端端连接第一配电输出模块和第二配电输出模块的配电指令输入端;The command holding output terminal of the first command holding module is connected to the power distribution command input terminals of the first power distribution output module and the second power distribution output module;
第二指令保持模块的指令保持输出端连接第三配电输出模块和第四配电输出模块的配电指令输入端;The command holding output terminal of the second command holding module is connected to the power distribution command input terminals of the third power distribution output module and the fourth power distribution output module;
第三指令保持模块的指令保持输出端连接第五配电输出模块和第六配电输出模块的配电指令输入端;The command holding output terminal of the third command holding module is connected to the power distribution command input terminals of the fifth power distribution output module and the sixth power distribution output module;
第四指令保持模块的指令保持输出端连接第七配电输出模块和第八配电输出模块的配电指令输入端。The command holding output terminal of the fourth command holding module is connected to the power distribution command input terminals of the seventh power distribution output module and the eighth power distribution output module.
第一配电输出模块中的MOS管源极连接载荷配电电源母线(28v),MOS管漏极连接第三配电模块中的MOS管源极;The source of the MOS tube in the first power distribution output module is connected to the load distribution power bus (28v), and the drain of the MOS tube is connected to the source of the MOS tube in the third power distribution module;
第二配电输出模块中的MOS管源极连接载荷配电电源母线(28v),MOS管漏极连接第四配电模块中的MOS管源极;The source of the MOS tube in the second power distribution output module is connected to the load distribution power bus (28v), and the drain of the MOS tube is connected to the source of the MOS tube in the fourth power distribution module;
第五配电输出模块中的MOS管源极连接载荷配电电源母线(28v),MOS管漏极连接第七配电模块中的MOS管源极;The source of the MOS tube in the fifth power distribution output module is connected to the load distribution power bus (28v), and the drain of the MOS tube is connected to the source of the MOS tube in the seventh power distribution module;
第六配电输出模块中的MOS管源极连接载荷配电电源母线(28v),MOS管漏极连接第八配电模块中的MOS管源极。The source of the MOS tube in the sixth power distribution output module is connected to the load distribution power bus (28v), and the drain of the MOS tube is connected to the source of the MOS tube in the eighth power distribution module.
本模块中,指令驱动模块的输出端为cmd3、cmd5、cmd7、cmd9、cmd4、cmd6、cmd8、cmd10。当cmd3、cmd5、cmd7、cmd9驱动指令为高时,三级管V21、V23、V25、V27导通,功率非恒定B通道断电_1/2/3/4为低电平,磁保持继电器K3、K4、K5、K6中线包1两端加电,此时供配电电路中的MOS11~MOS18的栅极电压VG为28V,MOS管为断开状态,功率非恒定B通道母线不加电;cmd4、cmd6、cmd8、cmd10驱动指令为高时,三级管V22、V24、V26、V28导通,功率非恒定B通道加电_1/2/3/4为低电平,磁保持继电器K3、K4、K5、K6中线包2两端加电,开关均为接通状态,此时供配电电路中的MOS11~MOS18的栅极电压VG为28V在电阻上的分压,MOS管为导通状态,功率非恒定B通道母线加电。In this module, the output terminals of the command-driven module are cmd3, cmd5, cmd7, cmd9, cmd4, cmd6, cmd8, and cmd10. When the cmd3, cmd5, cmd7, and cmd9 drive commands are high, the three-stage transistors V21, V23, V25, and V27 are turned on, and the power is not constant. The B channel is powered off _1/2/3/4 is low, and the magnetic latching relay K3, K4, K5, K6 are powered on both ends of the
在该电路中,cmd5/cmd6用于驱动MOS管V11和V12,cmd7/cmd8用于驱动MOS管V13和V14,cmd9/cmd10用于驱动MOS管V15和V16,cmd11/cmd12用于驱动MOS管V17和V18。可验证任何一个指令失效,任何3只MOS管失效都不会导致负载无法加电或断电。In this circuit, cmd5/cmd6 are used to drive MOS tubes V11 and V12, cmd7/cmd8 are used to drive MOS tubes V13 and V14, cmd9/cmd10 are used to drive MOS tubes V15 and V16, cmd11/cmd12 are used to drive MOS tubes V17 and V18. It can be verified that any command fails, and the failure of any three MOS tubes will not cause the load to fail to be powered on or powered off.
3.遥控指令接收模块设计3. Design of remote control command receiving module
在轨飞行器主备机的遥控指令接收接口芯片AM26C32都常加电,当主机工作时控制备机接收接口的使能信号B_RX为低电平,备机不接收指令;当备机工作时,控制主机接收接口的使能信号A_RX为低电平,主机不接收指令,互不影响。如附图6所示。The remote control command receiving interface chip AM26C32 of the main and standby aircraft of the on-orbit aircraft is always powered on. When the host is working, the enable signal B_RX that controls the receiving interface of the standby aircraft is low, and the standby aircraft does not receive commands; when the standby aircraft is working, the control The enable signal A_RX of the host receiving interface is low level, the host does not receive commands and does not affect each other. As shown in Figure 6.
4.双机冗余设计优化:4. Dual-machine redundancy design optimization:
本方法中的双机冗余配电系统除在配电电路上进行了冗余设计外,重点在指令补发和切换策略两方面进行了优化:In addition to the redundant design of the power distribution circuit, the dual-machine redundant power distribution system in this method is optimized in two aspects: command reissue and switching strategy:
4.1切换策略4.1 Switching strategy
当主机(初始状态的当班机)的CPU板发生狗咬复位时,备机(处室状态的非当班机)记录的主机狗咬次数加1,若备机判断主机已连续发生四次狗咬,则进入主备切换流程。为避免此前已经加电的通道在切机过程中掉电,切机过程中主备机同时输出。根据之前保存的主机最新正常工作状态,开启备机的接收外部指令功能,按照预设流程,执行后续的操作,并回采操作结果,当回采操作结果执行正确时,将备机切换为当班机,同时控制主机重新上电复位,主机上电后默认为非当班机。When a dog bite reset occurs on the CPU board of the host computer (the on-flight plane in the initial state), the number of dog bites recorded by the standby computer (non-duty plane in the room state) is incremented by 1. If the standby computer determines that the host computer has suffered four consecutive dog bites , enter the active/standby switchover process. In order to avoid the power-off of the channel that has been powered on before, during the cutting process, the main and standby machines output at the same time. According to the latest normal working state of the host that was previously saved, enable the function of receiving external commands of the standby machine, perform subsequent operations according to the preset process, and retrieve the operation results. At the same time, the control panel is powered on and reset again. After the panel is powered on, it defaults to a non-on-duty flight.
此外,若主机的MAX706监测电压端低于4.4V,将告知备机,并进入主备切换流程,切换完成后,原当班机电源断电,节省功耗。In addition, if the MAX706 monitoring voltage terminal of the host computer is lower than 4.4V, it will notify the standby computer and enter the main-standby switching process. After the switching is completed, the power supply of the original flight will be cut off to save power consumption.
当班机定期将系统时间、最新外部指令、最近的外部指令执行后的状态备份发送非当班机,同时保存在EEPROM中。在普通飞行期间,备份每10min进行一次;在任务开展期间,由于操作密集,备份每10s进行一次。备份间隔可通过软件方便的进行修改。When the flight regularly sends the system time, the latest external command, and the status backup after the execution of the latest external command to the non-on-duty flight, and saves it in the EEPROM at the same time. During normal flight, backup is performed every 10 minutes; during mission development, due to intensive operations, backup is performed every 10 seconds. The backup interval can be easily modified by the software.
4.2指令补偿4.2 Command compensation
为避免因单粒子反转或电路硬件失效导致的指令失效,当班机CPU板输出任一通道(假设为A通道)加电指令后,将该指令经内部串口发送至非当班机,并在下一周期检测A通道的回采状态,若A通道的回采状态为低电平,则认为加电不成功,由当班机将非当班机的CPU输出置为有效,再补发一次A通道加电指令。同理,当班机CPU板输出任一通道(假设为B通道)断电指令后,当班机CPU需要判断B通道的回采状态,若B通道的回采状态为高电平,则将非当班机的CPU输出置为有效,再补发一次B通道断电指令。In order to avoid command failure due to single event inversion or circuit hardware failure, when the flight CPU board outputs a power-on command for any channel (assuming it is channel A), the command is sent to the non-on-duty flight through the internal serial port, and the next Periodically detect the recovery status of channel A. If the recovery status of channel A is low, it is considered that the power-on is unsuccessful, and the on-flight aircraft will set the CPU output of the non-on-flight aircraft to be valid, and then reissue the power-on command of channel A. Similarly, when the flight CPU board outputs a power-off command for any channel (assuming it is channel B), the flight CPU needs to judge the recovery status of channel B. If the recovery status of channel B is high, The CPU output is set to be valid, and the B channel power-off command is reissued again.
在保持硬件电路状态不变的情况下,通过更改CPU的软件设置,控制单片机中备机输出芯片的CLK信号,能够灵活的对冗余策略进行更改,如仅主机控制、主备机并联输出或备机补发机制等。Under the condition of keeping the state of the hardware circuit unchanged, by changing the software settings of the CPU to control the CLK signal of the output chip of the standby machine in the single-chip microcomputer, it is possible to flexibly change the redundancy strategy, such as only host control, parallel output of the main and standby machines, or Backup mechanism, etc.
本说明书中未进行详细描述部分属于本领域技术人员公知常识。The parts that are not described in detail in this specification belong to the common knowledge of those skilled in the art.
Claims (7)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910470266.5A CN110196564B (en) | 2019-05-31 | 2019-05-31 | A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910470266.5A CN110196564B (en) | 2019-05-31 | 2019-05-31 | A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110196564A CN110196564A (en) | 2019-09-03 |
| CN110196564B true CN110196564B (en) | 2020-11-20 |
Family
ID=67753682
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910470266.5A Active CN110196564B (en) | 2019-05-31 | 2019-05-31 | A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110196564B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112130486B (en) * | 2020-09-02 | 2021-11-16 | 国电南瑞科技股份有限公司 | Intelligent outlet module of power relay protection equipment and fault-tolerant control method thereof |
| CN114123466B (en) * | 2021-11-22 | 2023-09-26 | 北京计算机技术及应用研究所 | Dual-path redundant power supply self-cutting and recovering method |
| CN114069829B (en) * | 2021-11-22 | 2023-09-26 | 北京计算机技术及应用研究所 | Dual-path redundant power supply self-cutting and recovering circuit |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201860160U (en) * | 2010-07-15 | 2011-06-08 | 刘业纯 | Double-power-supply static switching device |
| CN201928047U (en) * | 2010-12-24 | 2011-08-10 | 深圳市华通电气设备有限公司 | Subway light current integrated UPS system |
| CN208028652U (en) * | 2018-02-06 | 2018-10-30 | 深圳妈湾电力有限公司 | A kind of double host parallel redundancy power supply systems |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20090032396A (en) * | 2007-09-27 | 2009-04-01 | 한국전력공사 | Distribution Automation System |
| CN102570591B (en) * | 2012-01-14 | 2015-04-22 | 北京鼎汉技术股份有限公司 | Switching system and switching method for dual-computer hot standby |
| CN203151200U (en) * | 2012-12-21 | 2013-08-21 | 思源清能电气电子有限公司 | Double on-line standby high-frequency voltage constant current source |
| CN106428589B (en) * | 2016-11-09 | 2019-01-25 | 北京宇航系统工程研究所 | A space vehicle power supply and distribution device based on solid-state power control technology |
| CN207234422U (en) * | 2017-09-11 | 2018-04-13 | 深圳市沃尔奔达新能源股份有限公司 | Redundancy parallel control system and electricity generation system |
-
2019
- 2019-05-31 CN CN201910470266.5A patent/CN110196564B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201860160U (en) * | 2010-07-15 | 2011-06-08 | 刘业纯 | Double-power-supply static switching device |
| CN201928047U (en) * | 2010-12-24 | 2011-08-10 | 深圳市华通电气设备有限公司 | Subway light current integrated UPS system |
| CN208028652U (en) * | 2018-02-06 | 2018-10-30 | 深圳妈湾电力有限公司 | A kind of double host parallel redundancy power supply systems |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110196564A (en) | 2019-09-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110196564B (en) | A smooth-switching dual-machine redundant power distribution system resistant to single-particle radiation | |
| CN102053882B (en) | Heterogeneous satellite-borne fault-tolerant computer based on COTS (Commercial Off The Shelf) device | |
| CN101916090B (en) | Unmanned aerial vehicle onboard three-redundancy electrical load management center | |
| CN101917285B (en) | Three-machine realization method for moonlet service host machine double-machine cooling structure | |
| CN101807076B (en) | Duplication redundancy fault-tolerant high-reliability control system having synergistic warm standby function based on PROFIBUS field bus | |
| CN102799104B (en) | Safety control redundant system and method for fully-intelligent master control system | |
| CN103631178A (en) | Double-unit backup redundancy control device | |
| CN104050061A (en) | Multi-main-control-panel redundant backup system based on PCIe bus | |
| CN104749949A (en) | PowerPC and x86 based hybrid tri-redundancy UAV flying control computer and core design method | |
| CN105242608B (en) | Vehicle control unit and control method thereof | |
| CN111767244A (en) | Dual-redundancy computer equipment based on domestic Loongson platform | |
| CN103309319B (en) | Distributive redundancy type automatic power distribution control system for airplane | |
| CN112445751A (en) | Computer host interface board suitable for multi-mode redundant system | |
| CN210129215U (en) | Dual-redundancy electromechanical management computer architecture | |
| CN102508746A (en) | Management method for triple configurable fault-tolerant computer system | |
| CN110995478B (en) | Method for implementing redundant backup of board card in OpenVPX equipment | |
| CN104518246B (en) | A kind of electrokinetic cell system collection plate and its control method | |
| CN106933145A (en) | A kind of spaceborne processing system and its control operation method | |
| CN215009732U (en) | Gas station's monitor platform power protection device | |
| CN111984471B (en) | Cabinet power BMC redundancy management system and method | |
| CN103793300A (en) | Fast active-standby switching device in hot-standby system and active-standby switching method | |
| CN111930573B (en) | Task-level dual-machine hot standby system based on management platform and method thereof | |
| CN210608666U (en) | Control device of redundant power supply and power supply system | |
| CN203733107U (en) | Quick active/standby shifting device in active-standby system | |
| CN111831094A (en) | Complete machine power-off and abnormal restarting system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |