A team at Cadence Design Systems take a closer look at the new open standards being developed to improve the reliability and redundancy of automotive Ethernet. Ethernet is the key technology to enable advanced driver assistance systems (ADAS) and autonomous driving, owing to its low cost, low weight, high data rate and non-proprietary nature.
To meet the safety and deterministic latency requirements for controlling a car, a new set of open standards is being developed, collectively referred to as ‘Time Sensitive Networking’ or TSN. The main TSN standards are 802.1AS-Rev, 802.1Qbu, 802.3br, 802.1Qbv, 802.1Qcc and 802.1CB. These improve the reliability, timing, redundancy and failure detection ability of Ethernet to the level where it can be applied throughout an automobile.
Making sophisticated applications a reality
There is a shared vision for Ethernet in the automobile industry. Based on a more advanced network architecture, Ethernet enables progression of more and more sophisticated applications, from infotainment to ADAS, to control of mission critical systems. Currently Ethernet is being used for on-board diagnostics (OBD), firmware updates and delivering video from surround view cameras. The next stage is to use it for ADAS, where sensors such as radar and vision systems are connected to embedded CPUs to enable sensor fusion. Some examples of ADAS are:
The next stage will be where Ethernet is used to directly control powertrain and chassis for mission critical functions such as braking, steering, transmission and engine control. The final stage where it all comes together is in the form of autonomous driving.
More functionality means more requirements for Ethernet to connect all the components in a car. Increasing the number of components such as processors, cameras and sensors such as radars, not only increase the bandwidth required but also the time needed for critical data to be transferred reliably. This requires provisions for deterministic and low latency, especially for mission critical controls. For instance, the dropping of a packet in an application such as collision avoidance leading to failure of timely braking could be catastrophic. Similarly, autonomous driving will not be possible if the system bandwidth is not sufficient to support data to be aggregated from multiple cameras and sensors. To summarise, there are three key requirements:
From an Ethernet perspective, bandwidth primarily applies to the PHY layer. Reliability and latency primarily apply to the MAC layer.
Figure 2 - MAC Merge Sublayer
Safety and low latency requirements
Open standards are being developed to meet safety, reliability and latency requirements of future ADAS functions and autonomous systems. These standards ensure reliable and timely inter-operation between all the components in an automobile. IEEE 802.1 is the official standards body for Ethernet switching and control of data transmission (whereas IEEE 802.3 is the official standards body for Ethernet PHYs).
To meet the safety and low latency requirements for controlling automobiles, IEEE 802.1 is developing a new set of open standards, collectively referred to as TSN. TSN enables low latency, deterministic and reliable transmission of synchronised packets. TSN is a super-set of the Audio-Video Bridging (AVB) standard, which describes how to guarantee bandwidth and enable data synchronisation over Ethernet to ensure a high quality of service (QoS). It specifies precision of less than a microsecond and implementation which more than exceeds the requirements for many mission critical functions.
A closer look at time sensitive networking standards
By introducing redundancy in the grand master clock and failure detection, 802.1AS-Rev makes setting the real time clocks in the ECUs more reliable and addresses ISO 26262 functional safety requirements. The 802.1Qbv standard adds ‘time aware queue draining procedures’ based on timing derived from 802.1AS. It allows ‘simultaneous support of scheduled traffic, credit-based shaper traffic and other bridged traffic.’ It adds transmission gates to the eight priority queues, which allow low priority queues to be shut down at specific times to allow higher priority immediate access to the network at specific times.
This allows guaranteed access for high priority, low latency control frames (this is similar to Time Triggered Ethernet previously specified by the SAE in 2011 - AS6802) and allows periodic transmission of AVB traffic such as IEEE 1722 talker class A streams, which need frames to be transmitted every 125 microseconds. 802.1Qv introduces the concept of a guard band, which is a time period during which traffic cannot start transmitting to ensure control frames can be sent out at their scheduled time.
Figure 3 - timing diagram
In order to support scheduled traffic a time aware shaper is needed to minimise communication latency and jitter. The example in Figure 3 shows the impact of pre-emption (TA enabled) on two outgoing queues serving time aware data (TA) and other data (O). The pre-amtable (lower priority) frame O1 is split into an initial fragment and a continuation fragment by the MAC Merge Sublayer. The higher priority class A data TA1-TA3 which is time aware is inserted between the two O1 frame fragments to minimise the latency. During the length of the guardband the transmission of non-time critical data is blocked to ensure that no new incoming time aware (high priority) data packets are delayed by other data O. Transmitted data is not just prioritised but is now also deterministic which is key for control systems.
Pre-emption as defined in 802.1Qbu and 802.3br, it allows this guard band to be kept to a minimum. Pre-emption allows a frame to be fragmented after its transmission has started. In other words, a higher priority frame can interrupt the transmission of a lower priority frame. The 802.3br standard defines the necessary encapsulation and checksums for the frame fragments which have a minimum size of 64 bytes. Pre-emption and control of transmit queues concern traffic being transmitted on the egress port.
The 802.1Qci standard is at an early stage and concerns traffic being received at the ingress port. Its purpose is to mitigate the effects of nodes that operate incorrectly. It defines ‘policing and filtering functions that include the detection and mitigation of disruptive transmissions by other systems in a network, improving the robustness of that network’. 802.1CB is also at an early stage and introduces seamless redundancy and failure detection. Failure detection is important for functional safety. 802.1CB adds frame replication and elimination. For example, network nodes might be connected in a ring with traffic being sent in both directions so it takes two separate paths to reach its destination. At the receiving node, the 802.1CB standard defines how the duplicate frames are eliminated. For functional safety, high availability, redundant fault tolerant design and rapid failure detection are important. A ring topology is a way of introducing redundancy in the network. The 802.1CB and 802.1AS-Rev standards introduce methods for failure detection.
Cadence offer Ethernet MAC products targeting automotive applications using AVB standards and more recently using TSN standards. The MAC supports multiple transmit queues, with recently added support for 802.1AS-Rev and 802.1Qbv by implementing a gate-on timer and a gate-off timer for each transmit queue. Cadence has implemented a MAC Merge Sublayer (MMSL) module that is instanced with two Ethernet MAC instances, one for the pre-emptable MAC (pMAC) and the other for the express MAC (eMAC).
The eMAC is only required to support a single transmit queue. When pre-emption is disabled, the MMSL arbitrates between eMAC and pMAC on a frame-by-frame basis. The eMAC still has highest priority, but the frames transmitted from the pMAC will go out unmodified. For 802.1Qbu, pre-emption requires hardware support and Cadence offer a solution to provide the necessary hardware. Cadence plans to add support for 802.1CB and 802.1Qci once the standards become more definite.
The new TSN standards as the next generation AVB Transport Protocol provides all the features to fully address the ISO 26262 requirements and expand the deployment of Automotive Ethernet to safety critical systems. TSN standards aim to improve the robustness, reliability, redundancy and failure detection ability of Ethernet to the level where it can be used for real time control and for applications where safety is of paramount concern. Cadence believes automotive Ethernet to be a very significant technology and is developing solutions for this in its Ethernet MAC product family.