CN111045863B - Sensor data distribution network fault tolerance architecture and method - Google Patents
- Publication number
- CN111045863B
- Authority
- CN
- China
- Prior art keywords
- fault
- switching network
- network
- backup
- sensor data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1479—Generic software techniques for error detection or fault masking
- G06F11/1489—Generic software techniques for error detection or fault masking through recovery blocks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Hardware Redundancy (AREA)
- Maintenance And Management Of Digital Transmission (AREA)
Abstract
To meet the integrated avionics system's reliability requirements for the integrated signal processing subsystem, the invention provides a fault tolerance architecture and a fault tolerance method for a sensor data distribution network. The sensor data distribution network uses a dual-redundancy design in which the two redundant networks operate in hot backup mode, faults are detected through a heartbeat mechanism, and the system controller manages the sensor data distribution network through a dual-redundancy control channel. The fault tolerance method can effectively improve the reliability of the integrated signal processing subsystem.
Description
Technical Field
The invention belongs to the technical field of integrated core processing system design, and particularly relates to a fault tolerance architecture and a fault tolerance method for a sensor data distribution network.
Background
In existing signal processing subsystems, the various front-end sensors on the aircraft are each connected point-to-point to their corresponding signal processing unit. Such a subsystem has no integrated processing capability and cannot support functions such as multi-sensor collaborative detection and multi-sensor data fusion. When the signal processing unit corresponding to a sensor fails, the system loses the signal processing function for that sensor, so reliability is low.
With the application of integrated modular avionics technology, the integrated signal processing subsystem must process multi-sensor signals in an integrated manner, and the physical location of the signal processing resources for each type of sensor is not fixed. When the system's task operation mode changes, or the resources of the integrated signal processing unit are reconfigured, the data allocation strategy between each type of sensor and the integrated signal processing unit must be configured dynamically and in real time. This places higher requirements on how data distribution is implemented, and the prior art cannot meet the system's integrated processing and fault tolerance requirements.
Disclosure of Invention
The invention provides a fault tolerance architecture and a fault tolerance method for a sensor data distribution network, and aims to effectively improve the integrated processing capability and the fault tolerance capability of the integrated signal processing subsystem.
The technical scheme of the invention is as follows:
The invention provides a fault-tolerant architecture for a sensor data distribution network. It comprises two switching networks with identical software and hardware, one serving as the working switching network and the other as the backup switching network. The two switching networks form a dual-redundancy design: they operate in hot backup mode and are cross-linked through a synchronization channel, and a system controller manages both through a dual-redundancy control channel. In hot backup mode, both switching networks run the same application software after power-on; the working switching network outputs its results, and the backup switching network does not.
The invention provides a fault tolerance method of a sensor data distribution network, which adopts a fault tolerance architecture of the sensor data distribution network and comprises a fault tolerance detection method and a fault tolerance processing method.
The fault tolerance detection method is that a heartbeat mechanism is adopted between the dual redundancy switching networks to perform fault detection, namely the working switching network periodically sends handshake signals to the backup switching network, and the backup switching network feeds back handshake success signals to the working switching network after receiving the handshake signals.
The fault tolerance processing method covers three cases:
First, if the backup switching network cannot receive the handshake signal sent by the working switching network and the sensor data received by the back-end integrated signal processing unit is abnormal, the current working switching network has a complex fault. The hot backup fault processing strategy is executed: the processor in the backup switching network immediately outputs the system's current network configuration table to the corresponding digital crossbar switch, the backup switching network starts normal operation, and the current fault information is reported to the system controller through the control channel;
Second, if the backup switching network does not receive the handshake signal sent by the working switching network but the sensor data received by the back-end integrated signal processing unit is normal, the processor circuit in the current working switching network has failed while the digital crossbar switch circuit and the photoelectric converter circuit are working normally. There are two ways to handle this fault:
(1) Hot backup fault processing strategy: the processor in the backup switching network immediately outputs the system's current network configuration table to the corresponding digital crossbar switch, the backup switching network starts normal operation, and the current fault information is reported to the system controller through the control channel;
(2) Cross management fault processing strategy: the processor in the backup switching network takes over the digital crossbar switch in the current working switching network through the processor control bus, the system's current network configuration table remains unchanged, operation continues normally, and the current fault information is reported to the system controller through the control channel;
Third, if the backup switching network receives the handshake signal sent by the working switching network normally but the sensor data received by the back-end integrated signal processing unit is abnormal, the digital crossbar switch circuit or the photoelectric converter circuit in the current working switching network has failed while the processor circuit is working normally. Either the hot backup fault processing strategy or the cross management fault processing strategy can be executed.
The invention has the advantages that:
1. based on the digital crossbar design, the switching speed is high;
2. the hardware circuit is easy to realize, simple and reliable;
3. the fault tolerance speed is high, and the flexibility is high;
4. the reliability of the integrated signal processing subsystem is improved.
Drawings
Fig. 1 is a schematic diagram of an integrated signal processing subsystem.
FIG. 2 is a diagram of a sensor data distribution network design architecture.
Fig. 3 is a schematic diagram of a hot-standby fault handling strategy (complex fault of the switching network).
FIG. 4 is a schematic diagram of a hot-standby fault handling strategy (processor circuit failure).
Fig. 5 is a schematic diagram of a cross-management fault handling strategy (processor circuit fault).
Detailed Description
The invention provides a sensor data distribution network fault tolerance architecture with the following features:
1. the front end sensor on the aircraft comprises: communication navigation recognition sensors, radar sensors, photoelectric image sensors and the like, wherein sensor signals are input into a sensor data distribution network of the integrated signal processing subsystem through a fiber channel, as shown in fig. 1;
2. the sensor data distribution network supports non-blocking switching of up to 40 × 40 channels of front-end sensor signals, and outputs the sensor signals to different signal processing modules of the integrated signal processing unit according to the network configuration table specified by the system;
3. the sensor data distribution network adopts a dual redundancy design, as shown in fig. 2, the software and hardware of the two exchange networks are completely identical, a hot backup working mode is adopted between redundancy, namely, the two exchange networks operate the same application software, the working exchange network outputs an operation result, and the backup exchange network does not output the result;
4. the dual redundancy exchange networks of the sensor data distribution network adopt a heartbeat mechanism to perform fault detection and system synchronization, namely the working exchange network periodically sends handshake signals to the backup exchange network, and the backup exchange network feeds back handshake success signals to the working exchange network after receiving the handshake signals;
5. the avionics system controller manages the sensor data distribution network through a dual redundancy control channel, and comprises the steps of sending a network control command to the sensor data distribution network, loading a network configuration table, actively detecting faults and the like; the sensor data distribution network sends test results, reports fault information, etc. to the system controller.
The specific implementation method of the architecture is as follows:
step 1, after the system is powered on, each of the dual-redundancy switching networks in the sensor data distribution network performs a power-on self-test and, when the test finishes, reports its test result to the system controller through the control channel; when both switching networks test normal, switching network 1 is by default the working switching network and switching network 2 is the backup switching network;
step 2, if after the power-on self-test the system controller cannot receive the test result of a switching network, or the received test result is wrong, that switching network has failed, and the system controller masks the faulty switching network so that it stops working;
step 3, after the power-on self-detection is completed, the processors in the two switching networks respectively load sensor data distribution network management software and a default network configuration table from the local FLASH, and the processor in the working switching network sends the default network configuration information to the corresponding digital crossbar switch through a processor control bus to execute a sensor data distribution strategy defaulted by the system; the processors in the backup exchange network run the same software, but do not output the result;
step 4, when the system task operation mode changes or the comprehensive signal processing unit is reconfigured, the system controller loads a new network configuration table through a control channel, and after a processor in the work switching network receives the new network configuration table, the new network configuration table is sent to a corresponding digital cross switch to execute a new sensor data allocation strategy of the system;
step 5, in the normal operation process of the system, the working exchange network periodically sends a handshake signal to the backup exchange network, the handshake period is 50ms, and after the backup exchange network receives the handshake signal, the backup exchange network feeds back a handshake success signal to the working exchange network;
step 6, if the backup switching network cannot receive the handshake signal sent by the working switching network and the sensor data received by the rear-end comprehensive signal processing unit is abnormal, the complex fault of the current working switching network is indicated, a hot backup fault processing strategy is executed at the moment, as shown in fig. 3, a processor in the backup switching network immediately outputs a current network configuration table of the system to a corresponding digital crossbar switch, normal work is started, and current fault information is reported to a system controller through a control channel;
step 7, if the backup switching network cannot receive the handshake signal sent by the working switching network, but the sensor data received by the back-end integrated signal processing unit is normal, which indicates that the processor circuit in the current working switching network has faults, the digital crossbar circuit and the photoelectric converter circuit work normally, and two fault processing methods exist at the moment:
(1) The processor in the backup exchange network immediately outputs the current network configuration table of the system to the corresponding digital cross switch, and executes a hot backup fault processing strategy at the moment, as shown in fig. 4, the backup exchange network starts to work normally, and reports the current fault information to the system controller through the control channel;
(2) The processor in the backup exchange network takes over the digital cross switch in the current work exchange network through the processor control bus, and executes the cross management fault processing strategy at the moment, as shown in fig. 5, the current network configuration table of the system remains unchanged, and continues to work normally, and the processor in the backup exchange network reports the current fault information to the system controller through the control channel;
step 8, after the hot backup fault processing strategy has been executed in step 7 (1), the possible faults and fault processing methods in subsequent system operation are as follows:
(1) If the system controller cannot acquire the state information of the current working switching network through the control channel, the sensor data received by the rear-end integrated signal processing unit is normal, which indicates that the processor circuit in the current working switching network fails, the system controller can continue to work at the moment, and the system sensor data allocation strategy cannot be changed;
(2) If the system controller can acquire the state information of the current working switching network through the control channel, but the sensor data received by the rear-end integrated signal processing unit is abnormal, the digital cross switch circuit or the photoelectric converter circuit in the current working switching network is indicated to have faults, and then the cross management fault processing strategy can be executed again;
(3) If the system controller cannot acquire the state information of the current working switching network through the control channel and the sensor data received by the rear-end integrated signal processing unit is abnormal, the complex fault of the current working switching network is indicated, and at the moment, the integrated signal processing subsystem loses the function of the sensor data distribution network;
step 9, after the cross management fault processing strategy has been executed in step 7 (2), the possible faults and fault processing methods in subsequent system operation are as follows:
(1) If the system controller cannot acquire the state information of the current working switching network through the control channel, the sensor data received by the rear-end integrated signal processing unit is normal, which indicates that the processor circuit in the current working switching network fails, the system controller can continue to work at the moment, and the system sensor data allocation strategy cannot be changed;
(2) If the system controller can acquire the state information of the current working switching network through the control channel, but the sensor data received by the rear-end integrated signal processing unit is abnormal, the digital cross switch circuit or the photoelectric converter circuit in the current working switching network is indicated to have faults, at the moment, the processor in the current working switching network can disconnect the cross processor control bus, immediately output the current network configuration table of the system to the corresponding digital cross switch, and continue to work normally;
(3) If the system controller cannot acquire the state information of the current working switching network through the control channel and the sensor data received by the rear-end integrated signal processing unit is abnormal, the complex fault of the current working switching network is indicated, and at the moment, the integrated signal processing subsystem loses the function of the sensor data distribution network;
step 10, if the backup switching network normally receives the handshake signal sent by the working switching network, but the sensor data received by the back-end integrated signal processing unit is abnormal, which indicates that the digital crossbar switch circuit or the photoelectric converter circuit in the current working switching network has faults, the processor circuit works normally, and at the moment, a hot backup fault processing strategy or a cross management fault processing strategy can be executed, and the specific fault processing method is as described in steps 7-9.
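The decision logic of steps 5 to 10 (the same three cases listed in the Disclosure), written out as an added C example that is not code from the patent. The three-missed-periods timeout, the `prefer_cross` policy flag and all identifiers are assumptions; only the 50 ms handshake period comes from the text.

```c
/* Added example: failover decisions for the dual-redundancy switching networks. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HANDSHAKE_PERIOD_MS  50u  /* handshake period stated in step 5 */
#define MISSED_PERIODS_LIMIT 3u   /* assumption: the page states no timeout */

typedef enum { FAULT_NONE, FAULT_PROCESSOR, FAULT_DATA_PATH, FAULT_COMPLEX } fault_t;
typedef enum { MODE_NORMAL, MODE_AFTER_HOT_BACKUP, MODE_AFTER_CROSS_MGMT } net_mode_t;
typedef enum {
    ACT_NONE,
    ACT_HOT_BACKUP,        /* backup outputs the config table and starts working */
    ACT_CROSS_MANAGEMENT,  /* a processor drives the other network's crossbar */
    ACT_OWN_CROSSBAR,      /* step 9 (2): drop the cross control bus, use own crossbar */
    ACT_RUN_FROZEN,        /* keep running, allocation strategy cannot be changed */
    ACT_NETWORK_LOST       /* sensor data distribution network function is lost */
} action_t;

/* Backup-side heartbeat monitor: remembers when the last handshake arrived. */
typedef struct { uint32_t last_rx_ms; } hb_monitor_t;

void hb_on_handshake(hb_monitor_t *m, uint32_t now_ms) { m->last_rx_ms = now_ms; }

/* Unsigned subtraction stays correct when the millisecond counter wraps. */
bool hb_alive(const hb_monitor_t *m, uint32_t now_ms)
{
    return (uint32_t)(now_ms - m->last_rx_ms) < HANDSHAKE_PERIOD_MS * MISSED_PERIODS_LIMIT;
}

/* control_ok: handshake seen by the backup (normal mode) or status readable by
 * the system controller (after a failover). data_ok: the back-end integrated
 * signal processing unit receives normal sensor data. */
fault_t classify_fault(bool control_ok, bool data_ok)
{
    if (control_ok)
        return data_ok ? FAULT_NONE : FAULT_DATA_PATH;
    return data_ok ? FAULT_PROCESSOR : FAULT_COMPLEX;
}

/* prefer_cross is a hypothetical policy flag for the cases where the text
 * allows either strategy (steps 7 and 10). */
action_t select_action(net_mode_t mode, fault_t fault, bool prefer_cross)
{
    if (fault == FAULT_NONE)
        return ACT_NONE;
    if (mode == MODE_NORMAL) {
        if (fault == FAULT_COMPLEX)
            return ACT_HOT_BACKUP;                                    /* step 6 */
        return prefer_cross ? ACT_CROSS_MANAGEMENT : ACT_HOT_BACKUP;  /* steps 7, 10 */
    }
    /* Steps 8 and 9: a further fault after the first failover. */
    if (fault == FAULT_COMPLEX)
        return ACT_NETWORK_LOST;
    if (fault == FAULT_PROCESSOR)
        return ACT_RUN_FROZEN;
    return mode == MODE_AFTER_HOT_BACKUP ? ACT_CROSS_MANAGEMENT : ACT_OWN_CROSSBAR;
}

int main(void)
{
    static const char *names[] = { "none", "hot backup", "cross management",
        "own crossbar", "run, config frozen", "network lost" };
    hb_monitor_t hb = { 0 };
    hb_on_handshake(&hb, 1000u);
    /* Constructed scenario: handshakes stop at t=1000 ms, sensor data stays normal. */
    bool ok = hb_alive(&hb, 1200u);
    fault_t f = classify_fault(ok, true);
    printf("normal mode -> %s\n", names[select_action(MODE_NORMAL, f, true)]);
    printf("after cross management, data path fault -> %s\n",
           names[select_action(MODE_AFTER_CROSS_MGMT, FAULT_DATA_PATH, false)]);
    return 0;
}
```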
Claims (1)
1. A sensor data distribution network fault tolerance method, which adopts an architecture comprising two switching networks with identical software and hardware, serving respectively as the working switching network and the backup switching network; the two switching networks adopt a dual-redundancy design, operate in hot backup mode and are cross-linked through a synchronization channel, and a system controller manages the two through a dual-redundancy control channel; characterized in that: the method comprises a fault tolerance detection method and a fault tolerance processing method;
the fault tolerance detection method comprises the steps that a heartbeat mechanism is adopted between the dual redundancy switching networks to perform fault detection, namely, a working switching network periodically sends handshake signals to a backup switching network, and the backup switching network feeds back handshake success signals to the working switching network after receiving the handshake signals;
the fault tolerance processing method comprises three conditions:
firstly, if the backup switching network cannot receive a handshake signal sent by the working switching network and the sensor data received by the rear-end comprehensive signal processing unit is abnormal, the complex fault of the current working switching network is indicated, and a hot backup fault processing strategy is executed at the moment, namely a processor in the backup switching network immediately outputs a current network configuration table of the system to a corresponding digital crossbar switch, normal work is started, and current fault information is reported to a system controller through a control channel;
second, if the backup switching network does not receive the handshake signal sent by the working switching network, but the sensor data received by the back-end integrated signal processing unit is normal, which indicates that the processor circuit in the current working switching network has a fault, the digital crossbar circuit and the photoelectric converter circuit work normally, and two fault processing methods exist at this time:
(1) The processor in the backup exchange network immediately outputs the current network configuration table of the system to the corresponding digital cross switch, at the moment, a hot backup fault processing strategy is executed, the backup exchange network starts to work normally, and the current fault information is reported to the system controller through the control channel;
(2) The processor in the backup exchange network takes over the digital cross switch in the current work exchange network through the processor control bus, at this time, executes the cross management fault processing strategy, keeps the current network configuration table of the system unchanged, continues to work normally, and reports the current fault information to the system controller through the control channel;
thirdly, if the backup switching network normally receives the handshake signal sent by the working switching network, but the sensor data received by the back-end comprehensive signal processing unit is abnormal, which indicates that the digital cross switch circuit or the photoelectric converter circuit in the current working switching network has faults, the processor circuit works normally, and at the moment, a hot backup fault processing strategy or a cross management fault processing strategy can be executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911134419.5A CN111045863B (en) | 2019-11-19 | 2019-11-19 | Sensor data distribution network fault tolerance architecture and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911134419.5A CN111045863B (en) | 2019-11-19 | 2019-11-19 | Sensor data distribution network fault tolerance architecture and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111045863A (en) | 2020-04-21 |
CN111045863B (en) | 2023-09-15 |
Family
ID=70232965
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911134419.5A Active CN111045863B (en) | 2019-11-19 | 2019-11-19 | Sensor data distribution network fault tolerance architecture and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111045863B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112468318B (en) * | 2020-11-05 | 2023-03-14 | 中国航空工业集团公司西安航空计算技术研究所 | Dual-redundancy time-triggered network reconstruction method |
CN112468328A (en) * | 2020-11-13 | 2021-03-09 | 中国航空工业集团公司洛阳电光设备研究所 | Dual-redundancy FC-AE-1553 network reconstruction method based on switched topology |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101281483A (en) * | 2008-05-12 | 2008-10-08 | 北京邮电大学 | Double-machine redundant tolerant system and redundant switching method thereof |
CN105301955A (en) * | 2015-10-19 | 2016-02-03 | 中国航空无线电电子研究所 | System-level reconstruction management application software master-slave switching method |
CN106909525A (en) * | 2017-01-13 | 2017-06-30 | 电子科技大学 | A kind of control Switching Module based on VPX buses |
CN108768754A (en) * | 2018-06-28 | 2018-11-06 | 西安微电子技术研究所 | A kind of highly reliable tolerant system based on bus network |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004102853A2 (en) * | 2003-05-06 | 2004-11-25 | Overture Networks, Inc. | Protected switching ring |
WO2014038835A1 (en) * | 2012-09-05 | 2014-03-13 | 삼성에스디에스 주식회사 | Network backup device and network system including the device |
CN108661823B (en) * | 2018-04-28 | 2020-06-09 | 西安航天动力研究所 | Liquid rocket engine thrust and mixing ratio adjusting redundancy electromechanical servo system |
Non-Patent Citations (1)
Title |
---|
Zhao Lin. A dual-redundancy FC network management method. 《电脑知识与技术》 (Computer Knowledge and Technology). 2019, main text pp. 72-73. * |
Also Published As
Publication number | Publication date |
---|---|
CN111045863A (en) | 2020-04-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107187465B (en) | ATO system architecture of unit-level hot standby redundancy | |
CN101807076B (en) | Duplication redundancy fault-tolerant high-reliability control system having synergistic warm standby function based on PROFIBUS field bus | |
CN103647781B (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
CN111352338B (en) | Dual-redundancy flight control computer and redundancy management method | |
CN111045863B (en) | Sensor data distribution network fault tolerance architecture and method | |
CN106648997A (en) | Master-salve switching method based on non-real-time operating system | |
CN110361979A (en) | A kind of safety computer platform in railway signal field | |
CN102724083A (en) | Degradable triple-modular redundancy computer system based on software synchronization | |
CN110427283B (en) | Dual-redundancy fuel management computer system | |
CN104111881A (en) | Arbitration device for double computer redundancy hot backup computer | |
CN103853622A (en) | Control method of dual redundancies capable of being backed up mutually | |
CN110488597B (en) | Dual-redundancy control method for main processing unit of locomotive | |
CN103425553A (en) | Duplicated hot-standby system and method for detecting faults of duplicated hot-standby system | |
CN112506830B (en) | Redundancy synchronous communication method for multi-path transmission data bus | |
CN103793300A (en) | Fast active-standby switching device in hot-standby system and active-standby switching method | |
CN100479295C (en) | Synchronized switching controller and its control for parallel uninterrupted power supply | |
CN111930573B (en) | Task-level dual-machine hot standby system based on management platform and method thereof | |
CN112201378A (en) | Hot standby switching method, system, terminal and medium based on nuclear power plant DCS platform | |
CN110247809B (en) | Communication control method of double-ring network control system | |
CN203733107U (en) | Quick active/standby shifting device in active-standby system | |
CN116089176A (en) | Hot standby dual-redundancy computer control system for AUV | |
CN109991954B (en) | Fault-tolerant control method, system and equipment of motor controller and storage medium | |
CN113850033B (en) | Redundancy system, redundancy management method and readable storage medium | |
CN112506633B (en) | Multi-machine redundancy system and processing method | |
CN115396752A (en) | Redis-based biplane data acquisition method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||