Verification of Time Sensitive Networking based Ethernet enabled automotive communication systems

Wasiq Zia, Senior Principal Software Engineer, Verification IP R&D, Cadence Design Systems

IEEE-SA Ethernet & IP @ Automotive Technology Day, 2nd November 2017


Automotive Network Connectivity Evolution

Past Now Future

Automotive Ethernet is the cable network that connects most in-vehicle components, such as cameras, sensors, meters, infotainment and human interfaces.

Easy access, debug, fast, high bandwidth

Disparate protocols, heavy network of jumbled wires, low bandwidth, difficult to debug

Image Source : Automotive Ethernet : An Overview, ixia Whitepaper

Characteristics of TSN based Automotive network

• Economic: reusable, maintainable

• Hard Real-time, Latency-critical

• QoS: Priority control, bandwidth guaranteed

• Security: Ensuring safety system

• Low Power: power saving, green energy

• Being comparatively new, more opportunity for verification and improvements in system

Min. Latency

Real-time

QoS

• Reduced worst-case delays

4 μs or less per hop @1 Gbps for short messages *

• Improved robustness

Alternative paths with “instant” switchover

Seamless redundancy using multiple streams

Multiple clock sources with “instant” switchover

• Scalability

Reduced management traffic for reservations and configuration

* Reference: IEEE 802 Time-Sensitive Networking: Extending Beyond AVB by Michael D. Johas Teener, BRCM

The system and its layers…

Layers: Application, MiddleWare, Link Layer, Phy Layer

Application: These blocks are typically the steering control, infotainment system, reverse parking assist and GPS system that provide the input to systems like AUTOSAR etc.

MiddleWare: Ensures compliance with the various safety standards and establishes the safeguards. Middleware is taken care of by Fault Simulators.

Link Layer: This layer contains all the different communication protocols used for automotive applications. AVB/TSN/TTE etc. are part of this layer. It helps in scheduling traffic depending on the compliance standards enforced by the upper layer, and acts as the intermediary between compliance and the physical layer.

Link and Physical layer require robust functional verification to ensure that requirements are met.

Image Reference: Intra-Vehicle Networks: A Review, Shane Tuohy, Martin Glavin, Member, IEEE, Ciarán Hughes, Edward Jones, Member, IEEE, Mohan Trivedi, Fellow, IEEE, and Liam Kilmartin, Member, IEEE, IEEE Transactions on Intelligent Transportation Systems

Verification Challenges

• High compute power

• Long term reliability (~20 years)

• Extreme climates and temperature operation

• Higher bandwidth

• All this at low power

And the goal is to…

• Reduce accidents due to system failure

• No accidents due to hacks

• Zero component failures

• Zero human error related failures/accidents

Several protocols and still counting…

Professional Audio Products

Automotive Networking

Industrial Automation

Base

• 802.1AS PTP Profiles

• Preemption and Interspersing (802.1Qbu and 802.3br)

• Credit Based Shaping (802.1Qav)

• Time Aware Shaping (802.1Qbv)

• Stream Reservation (802.1Qat)

Advanced

• 802.1Qca : Redundancy using the best path algorithms

• 802.1CB : Multipath frame duplication and recovery

• 802.1Qch : Cyclic Queuing

• 802.1Qci : Per-Stream filtering

• MSRP protocol for bandwidth reservation

Scheduling and Timing Conundrum

[Diagram: transmitter and receiver block stacks]

Transmitter: Application Level Frames (Video, Audio, Control Data), Scheduling, Transmission Selection, Mac Merge, Data Protection & Transmission, Stream establishment, Timestamping Unit, Ingress Filtering, Egress Filtering, Fragmentation, MAC and PHY Medium

Receiver: Application Level Frames (Video, Audio, Control Data), Mac Merge, Data Protection & Transmission, Stream establishment, Timestamping Unit, Fragmentation, MAC and PHY Medium

No equivalent block for scheduling or transmission selection

How to verify a block when Rx is agnostic to the behavior?

How to verify timing corrections without bridges?

Timestamping

802.1AS

• Synchronize all the clocks throughout the network

• Controls the gate events for time aware shaper

• Ensures that preemption delays are honored

Image Source : http://www.luminex.be/improve-your-timekeeping-with-ptpv2

[Figure: GM Selection. Grand Master1 (current GM), Grand Master2 (better than GM1) sending ANNOUNCE “I am better”, and two Slaves.]

• Ensure that peer delay mechanism works

• Use Best GM clock algorithm

• Provide correction field estimation

• Handle discontinuities

• Use multi-port verification component to validate clock correction

Clock Synchronisation

MSRP

• Used to create a path through a network for rank-based, latency guaranteed bandwidth reservations within a network

• Supports the reservation of resources for streams, each destined for one or more Listeners, and each from a single source

• Two types of end stations supported by MSRP:

  • Talker: Source of a stream

  • Listener: Destination for a stream

• Stream Registration

  • Talkers advertise one or more streams and specify the QoS requirements

  • Bridges propagate those advertisements throughout the network

  • Listener(s) request the stream

  • Bridges forward Listener Ready toward Talker

Verification Challenges

• Packing of multiple talker attributes for different destination and streamid into a single MRPDU

• Checking and calculating the bandwidth reserved for a particular streamid by the end station

• Scheduling of streams and mapping to correct shaping queue

Scheduling

Credit Based Shaping

• Priority scheduling

• Ensure quality of service

Time Aware Shaper

• Scheduling done on the basis of gate control events which are time synchronized

• Uses gates with priority queues

• Non-responsive and Rx agnostic protocols

• How does Rx determine bandwidth has been honored?

• Was the correct queue gate allowed to transmit frame according to gate control list?

• Did the gate control list recycle properly?

• Was the timestamp generated in sync?

[Diagram: Active Verification Component, Passive Verification Component and Device Under Test]

Configuration: Bandwidth Allocation (CBS), Gate Control List (TAS)

Expected configuration done for both DUT and Monitor

DUT traffic feedback to monitor

Evaluates the traffic according to priorities for bandwidth allocation

Runs shadow Gate Control for TAS and does back calculation for timing to evaluate if correct gate transmitted

x Does not work for Preempted packets conclusively
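The shadow gate control check described above, sketched as an added example that is not part of the original slides: a passive monitor back-calculates each frame's start time from its end timestamp and checks it against its own copy of the gate control list, including the recycle at the cycle boundary. The link rate, base time, gate control list, capture records and all names are assumptions constructed for illustration, and frames are assumed not to be preempted.

```python
from bisect import bisect_right

LINK_BPS = 1_000_000_000      # assumed link rate: 1 Gbps
PREAMBLE_SFD = 8              # bytes sent on the wire before the frame
BASE_NS = 1_000_000           # assumed time at which cycle 0 starts
# Constructed gate control list: (duration in ns, queues whose gate is open)
GCL = [(20_000, {7}), (30_000, {5, 6}), (50_000, {0, 1, 2, 3, 4})]


def check_frame(end_ns, queue, frame_bytes, gcl=GCL, base_ns=BASE_NS):
    """Shadow-GCL verdict for one frame; end_ns is when its last bit was seen."""
    starts, cycle_ns = [], 0
    for duration, _ in gcl:
        starts.append(cycle_ns)
        cycle_ns += duration
    tx_ns = (frame_bytes + PREAMBLE_SFD) * 8 * 1_000_000_000 // LINK_BPS
    start_ns = end_ns - tx_ns                 # back-calculated start of frame
    if start_ns < base_ns:
        return "before-base-time"
    if all(queue in gates for _, gates in gcl):
        return "ok"                           # this gate never closes
    offset = (start_ns - base_ns) % cycle_ns  # the list recycles every cycle
    idx = bisect_right(starts, offset) - 1
    if queue not in gcl[idx][1]:
        return "gate-closed-at-start"
    # Extend the open window over following entries (wrapping into the next
    # cycle) for as long as this queue's gate stays open.
    window_end = starts[idx] + gcl[idx][0]
    nxt = (idx + 1) % len(gcl)
    while queue in gcl[nxt][1]:
        window_end += gcl[nxt][0]
        nxt = (nxt + 1) % len(gcl)
    if offset + tx_ns > window_end:
        return "overran-gate-window"
    return "ok"


def audit(frames):
    """Return (frame, verdict) for every record that violates the schedule."""
    return [(f, v) for f in frames if (v := check_frame(*f)) != "ok"]


# Constructed monitor capture: (end timestamp ns, queue, frame length bytes)
CAPTURE = [
    (1_301_864, 7, 100),    # later cycle, 1 us into the queue-7 window
    (1_010_864, 5, 100),    # starts while only queue 7 is open
    (1_027_064, 7, 1500),   # starts in its window but runs past its end
    (1_207_064, 0, 1500),   # runs over the cycle boundary into queue 7's slot
    (1_560_864, 0, 100),    # later cycle, inside the queue 0-4 window
]
```
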

Transmission Selection

Preemption

• Select the traffic based on express and preemptable status

MAC Merge Layer

• Halts unimportant traffic to service interrupts

• Adds fragmentation

• Preemption when hold mechanism is not used

• Preemption when hold mechanism is used

• Verification of preemption capability

• Preemption hold timing violation checks

[Diagram: Verify, with Transmit Processing and Receive Processing. Send Verification mFrame with SMD_V; Receive Response mFrame with SMD_R.]

[Diagram: Preemption Block. Queuing from stream shapers; Preempt Indication; Express traffic; Preemptable traffic.]

Typically express traffic queues will be less in number but need not be fixed to specific priority numbers or positional placement (L-R)

Transmission Selection

[Diagram: Preemption Block (Queuing from stream shapers, Preempt Indication); MAC Merge Layer (Express Filter, Transmit Processing, Receive Processing); eMAC (MAC Control, MAC); pMAC (MAC Control, MAC); ENET Phy; Normal ENET MAC.]

• Express traffic interrupt should interrupt normal traffic

• Timer violations for minimum guard period through calculation of preemption delay

• Fragment formats and fragment size violations

• Link to link delay for single hop calculation

• mFrame validation

Feedback for indicating reception of Verification frames

Security

802.1AE MACSec

• Encryption and decryption of the data payload using the GCM mechanism

• Ethernet MAC embedded with MACSec logic

• Verification of Integrity mode, confidentiality mode and both

• Authentication mode verification

• PN Replay feature : Out of order PN

• Configuration for key, PN etc.

• Error Injection

• Scoreboard hooks for data integrity check

[Diagram: MACsec RX Q and MACsec TX Q in the MACsec layer, above the MAC layer and the PHY Layer (Reconciliation Sublayer); decrypted received data; encrypted data.]
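A scoreboard reference model for the PN replay and error injection items above, as an added example that is not part of the original slides. It is a simplified model of receive-side packet number handling for a 32-bit PN with a configurable replay window; the class, function and verdict names, the stimulus and the DUT log are all constructed for illustration, and the integrity result is passed in as a flag instead of computing GCM.

```python
class ReplayModel:
    """Expected receive-side PN handling for one MACsec secure channel."""

    def __init__(self, replay_protect=True, replay_window=0):
        self.replay_protect = replay_protect
        self.replay_window = replay_window
        self.next_pn = 1                  # next PN expected from the peer

    def receive(self, pn, icv_ok=True):
        """Return the verdict expected from the DUT for one received frame."""
        if pn == 0:
            return "invalid-pn"           # 0 is not a usable 32-bit PN
        lowest_pn = max(1, self.next_pn - self.replay_window)
        if self.replay_protect and pn < lowest_pn:
            return "late"                 # replayed or too far out of order
        if not icv_ok:
            return "not-valid"            # integrity check failed
        if pn >= self.next_pn:
            self.next_pn = pn + 1         # only validated frames move the window
        return "ok"


def scoreboard(model, stimulus, dut_verdicts):
    """Return (expected verdicts, indices where the DUT disagrees)."""
    expected = [model.receive(pn, icv_ok) for pn, icv_ok in stimulus]
    mismatches = [i for i, (e, d) in enumerate(zip(expected, dut_verdicts))
                  if e != d]
    return expected, mismatches


# Constructed stimulus: (PN, ICV verifies?) with out-of-order PNs and one
# injected integrity error that carries a far-ahead PN.
STIMULUS = [(1, True), (2, True), (5, True), (4, True), (3, True),
            (9, False), (6, True), (0, True)]
# Constructed DUT log in which the corrupted frame wrongly advanced the
# replay window, so the following genuine frame was dropped as late.
DUT_LOG = ["ok", "ok", "ok", "ok", "late", "not-valid", "late", "invalid-pn"]
```

Running `scoreboard(ReplayModel(replay_window=2), STIMULUS, DUT_LOG)` flags index 6: a frame that failed the integrity check must not move the window, otherwise a single forged frame can cause genuine traffic to be discarded.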

Energy Efficient Ethernet

802.3az

• EEE is green energy technology for Automotive Ethernet

• Keep link in “sleep” mode when no transmission occurs : IDLE/Sleep/Wake

• Ensure that sleep timers are validated

• Any traffic during low power should be discarded

• Low power Idle corruption

Full Stack Verification Environment

Top Level

[Diagram: layers of the full verification stack]

Physical Layer

802.3 ENET (USGMII, 2.5G UTP)

Pre-emptive MAC

Frame Generation

802.1Qbu : Pre-emption and Interspersing

802.1AS Time Stamping Unit

1722 AV+Ctrl Frames

1722-Rev AV+Ctrl Frames

802.1Qbv : Time aware shaping

802.1Qav : Credit based shaper

Rsvd_Q, BE_Q, Sched_Q, TimeAwareGates, Transmission_Q, PTP_Q

Generated stream scheduling based on bandwidth allocation

General media format frame creation, packing and unpacking

Scheduled frames controlled on the basis of gate control list

Timestamp generation and clock sync for the system

Preemption controlled through Hold register or Control directive

Not all layers need be present in every use model; the different functionalities can be selected based on enablement registers

Thank You