Download Presentation - International Spacewire Conference 2008
SpaceWire Physical Layer Fault Isolation
Barry M Cook (4Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA)
International SpaceWire Conference, 4-6 November 2008

SpaceWire Physical Layer Fault Isolation, Barry M Cook (4Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA) at ISC 2008

Content
– Context
– Failure sequence
– Failure conditions
– LVDS
– Failure prevention by
– Over-voltage limiting, requiring
– Reliable current limiting …
  • … at the receiver
  • … at the transmitter
– Conclusions

Context – Cross Strapped Redundant System
[Figure: block diagram of the nominal (NOM) and redundant (RED) units FUNCTION 1 and FUNCTION 2, each with its own converter: DC/DC 1 NOM, DC/DC 1 RED, DC/DC 2 NOM, DC/DC 2 RED.]

Failure Sequence
[Figure: annotated schematic of the failure cascade, steps numbered 1 to 12, across DC/DC 1-NOM, DC/DC 2-NOM, DC/DC 1-RED and DC/DC 2-RED, with Tx/Rx pairs (Zo = 100) into FPGA/ASIC devices on +3.3 V rails, and grounds GND 1-NOM, GND 2-NOM, GND 1-RED, GND 2-RED. Annotations recoverable from the figure: DC/DC converter control fails (> +10 V); insulation failure – S/C from Vcc to Out (+); voltage source current injection; current injection raises Vcc above +4 V; insulation failure – S/C from In (+) to Vcc; insulation failure – S/C from Out (+) to Vcc (+); input voltage reaches > Vcc from DC/DC 2_NOM; input voltage reaches > Vcc from DC/DC 2_RED.]

Failure Conditions
Devices can be quite intolerant of variation
– 3.3V (nominal) supply voltage (Vss) permits a supply voltage tolerance of ±10% – a voltage range of 3.0 to 3.6V
  • But sets an absolute limit of 4V
– Input voltages are, typically, limited to Vss + 0.3V
  • Consider a chip with Vss = 3.6V driving one with Vss = 3.0V …
– Input currents for above-Vss input voltages are limited
  • To, typically, 10mA
  • Which, in practice, makes the above situation safe – just
– LVDS avoids this problem by specifying lower signal voltages

LVDS – EIA/TIA 644 A
Specifies …
Transmitter output voltages (regardless of Vss)
– Differential
  • 350mV nominal
– Common mode
  • 1.25V nominal above Transmitter ground
End-to-end common mode difference
  • Up to ±1V
Acceptable receiver input voltages
  • 0.05V to 2.45V (to allow for the common-mode difference)
Which is fine until the driver fails and places Vss (+Vcm) on the signal line or, worse, a power supply fails and places an even higher voltage on the signal lines

Failure Prevention
We can take one or more of several actions to avoid a single fault causing a failure cascade …
– Ensure the PSU never fails over-voltage
  • Challenging (especially with switched-mode supplies)
  • Even with over-voltage detection, transients are likely
– Prevent the over-voltage leaving the transmitter
  • Don't forget common-mode differences (must clamp to LVDS levels, not to supply)
– Prevent the receiver being damaged
  • Limit the over-voltage at its terminals
– Prevent the receiver propagating the fault
  • Not only through power rails but also through signal lines

Over-voltage limiting
We require no significant line loading (capacitance / current) with correct signal levels and firm clamping at safe levels with fault levels
BUT …
Limiting is not perfect and the clamping level depends, critically, on the available fault current
At significant currents (100's mA) the actual clamp voltage can be twice the turn-on voltage
  • Contrast this with the need to allow a correct level of 2.5V (LVDS input) or 3.6V (logic input) but clamp at ≤4.0V
Safe over-voltage limiting requires reliable current limiting

Reliable Current Limiting
Avoiding silicon (which tends to fail short-circuit, allowing large currents) we are forced to consider discrete resistors
– Thick film SMD resistors and hole mounted metal film resistors are accepted by most agencies as short-circuit free
Adding series resistance on the signal lines will provide a reliable current limit
– Can this be done with EIA/TIA 644A (LVDS) signals?
  • Yes …

At the receiver
[Figure: receiver input with a series resistor R in each signal line and a 100Ω termination; line voltages 1.075V / 1.425V and 1.425V / 1.075V, 350mV differential, 1.25V common mode.]
Limitations
  • The resistors, R, with the receiver input capacitance form a low-pass filter which may degrade the signal
  • 100Ω & 10pF has a time constant of 1ns which would need careful consideration at 200Mb/s (5ns bit period) but should be OK at ≤100Mb/s
  • 100Ω is useful but we could wish for more …

At the transmitter
[Figure: transmitter outputs switching 0V / 2.5V and 2.5V / 0V, each through a 305Ω series resistor, into a 100Ω load; 350mV differential, 1.25V common mode.]
Features
  • Same output differential and common-mode voltage (LVDS)
  • Series resistance driving a matched transmission line and load – there is no capacitive loading and no data-rate reduction
  • 305Ω provides a useful current limit (50mA at 15V over-voltage at the driver output)
  • Supply current is just 3.5mA – same low power as before
  • Other, similar, circuits can be used for higher output source voltages – with greater protection.

Conclusions
  • We have identified a failure mechanism that can cause a failure cascade causing damage to both the nominal and redundant systems
  • This can be alleviated by using fail-safe current limiting devices – discrete resistors – in conjunction with (discrete or in-built) voltage limiting devices
(Whilst fully complying with the definition of EIA/TIA 644A – LVDS)
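
Added example (not part of the original presentation): a numeric check of the series-resistor figures quoted on the receiver and transmitter slides, including the LVDS receiver input window under the ±1V common-mode difference. The function names are hypothetical, and the fault-current model assumes the whole over-voltage appears across one series resistor.

```python
"""Added example: check the LVDS series-resistor figures from the slides."""

def tx_network(v_high, v_low, r_series, r_term):
    """Driver legs at v_high / v_low, each through r_series, into r_term."""
    i = (v_high - v_low) / (2 * r_series + r_term)   # loop current in amps
    v_plus = v_high - i * r_series                    # line voltage, + side
    v_minus = v_low + i * r_series                    # line voltage, - side
    return {
        "i_supply": i,
        "v_diff": v_plus - v_minus,
        "v_cm": (v_plus + v_minus) / 2,
        "v_plus": v_plus,
        "v_minus": v_minus,
    }

def within_rx_window(net, cm_shift=1.0, lo=0.05, hi=2.45):
    """True if both lines stay inside the receiver input range (0.05V to
    2.45V on the slides) when the grounds differ by up to +/- cm_shift."""
    return net["v_plus"] + cm_shift <= hi and net["v_minus"] - cm_shift >= lo

def fault_current(v_over, r_series):
    """Assumed worst case: full over-voltage across one series resistor."""
    return v_over / r_series

def rx_filter(r_series, c_in, bit_rate):
    """RC low-pass formed by a receiver-side series resistor and the
    receiver input capacitance, compared with the bit period."""
    tau = r_series * c_in
    return {"tau": tau, "bit_period": 1.0 / bit_rate, "tau_over_bit": tau * bit_rate}

if __name__ == "__main__":
    net = tx_network(2.5, 0.0, 305.0, 100.0)          # transmitter slide values
    print(f"supply current  {net['i_supply'] * 1e3:.2f} mA")
    print(f"differential    {net['v_diff'] * 1e3:.0f} mV")
    print(f"common mode     {net['v_cm']:.2f} V")
    print(f"line voltages   {net['v_minus']:.3f} V / {net['v_plus']:.3f} V")
    print(f"inside Rx window with +/-1V shift: {within_rx_window(net)}")
    print(f"fault current at 15V: {fault_current(15.0, 305.0) * 1e3:.1f} mA")
    for rate in (200e6, 100e6):                       # receiver slide: 100 ohm, 10 pF
        f = rx_filter(100.0, 10e-12, rate)
        print(f"{rate / 1e6:.0f} Mb/s: tau = {f['tau'] * 1e9:.1f} ns, "
              f"bit = {f['bit_period'] * 1e9:.0f} ns, ratio = {f['tau_over_bit']:.2f}")
```

The computed line voltages (about 1.074V and 1.426V) match the 1.075V / 1.425V shown on the receiver slide, and with a 1V ground shift they stay just inside the 0.05V to 2.45V receiver range.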