International Workshop on Satellite Based Traffic Measurement
Berlin, GermanySeptember 9th and 10th 2002
TECHNISCHEUNIVERSITÄTDRESDEN
Onboard Computer and Data Handling of MultiSat
Peter M. Behr
Fraunhofer Institute for Computer Architecture and Software Technology (FIRST)
Content:
• System Architecture• Computing Node• Communication, I/O• Software Structure
I/O-Devices
Receivers
Wheels& IMU
Senders
Cameras& Others
AnalogueDevices
GPS
StarSensors
Uplink ManagerDownlink Manager
Intrinsic Applications
IO Managers
Software
User Applications
Command BusHousekeeping Bus
Inter-Application Bus
Scalable, homogeneous, symmetric, distributed, fault tolerant multi computer system
Hardware
System Architecture
System Architecture• scalable: additional nodes increase the
performance and also extend the total lifetime (graceful degradation), spare nodes may further increase life time.
• homogeneous: identical node computers (3-16), connected by redundant communication system
• symmetric: each node is able to execute all tasks
• distributed: nodes are separate units - control is distributed among the nodes (no single point of failure)
• fault tolerant: based on redundancy (hardware and software); minimum three nodes for TMR
• multi computer system: nodes are self contained computers (processor, memory, I/O)
Computing Node
Block Diagram of one Node of the Onboard Computer System
MPC82xxCPU CPM
EDCDRAMFLASH
serial I/O
parallel I/O
serial I/O
digital I/O
local bus
memory bus
FPGA
IP IP IP
2 x Ethernetfail safe
communicationinterface
fail safeanalog input
interface
latch upmonitor
ADC
analogMUX
fail
safe
de
vice
inte
rfac
es
Computing Node• Embedded processor and memory and control functions
based on newest VLSI technology• Small number of parts, low power dissipation,
no cooling problems, low weight and space requirements• Industrial versions of COTS components conform to the
conditions on satellites – except for the radiation problems • SEU: EDC memory, multiple copies of the software in
FLASH memory, self checking design of FPGA logic. • SEL: radiation tolerant components and latch-up protection
for endangered parts• Total dose: pre-qualification includes radiation test to
ensure that the selected components fulfill the requirements according to the expected lifetime of the satellite
Computing Node
Further self-test and diagnosis features in each node:
• extensive self-test after power-on and reset• boundary scan interface for detailed remote
diagnoses• maintenance by updating firmware and
software of a node• monitoring of the temperature of critical
components• alive monitors for hardware and software
functions (watch-dog)
• EC603eTM PPC Core • 280.0 MIPS @ 200
MHz• MMU, FPU, 32 KB
Cache, power management
• SDRAM Controller, RTC, Timer, Watchdog, COP, JTAG
• Communication processor supports a variety of serial and parallel I/0 Protocols
• 2.0V internal and 3.3V I/O only 2.5 W
Block Diagram of Embedded PowerPC Processor (MPC8260)
Computing Node
FPGATelemetry
I/O Interface(Downlink)
UART8 X
RS 485
Latch-up Monitor
Power PCMPC 8260(200 MHz)
Debug Port
Eth
erne
t
Memory
EDC DRAM32-1000MByte
64 x Analog Input
ModemInterface
SerialI/O
Interface
F
lash
4-64
MB
yte
UARTparallel
64 Analog Input
I2C
COBT Timer
UART 8
x serial
Modem Input
Down Link
Image Data
Ethernet
Prototype of the MultiSat Node Computer
Computing Node
CommunicationSubsystem
Satellite Bus
Payload
SurvivalSubsystem
FPGA
Inter NodeInterface
AnalogInterface
Dev
ice
Inte
rfac
eProcessorMemory
AnalogControl
Communication and I/O Structure
• redundant bus system for inter node communication
• each node interfaces to the main I/O devices• fail safe communication and I/O interfaces • faulty nodes can be isolated from the busses
(even in the case of a stuck-at error)
Java Virtual MachineSatellite Control Task
Uplink Manager
Downlink Manager
User Appl.Comm.
Interface
Comm. Interface
I/O Manager
Status/Result BusCommand Bus
Inter Application Bus
Real TimeOperating System
Software Structure• Linux based operating
system kernel provides pre-emptive multi tasking, priority and real time based scheduling, memory management, and communication
• Three software busses across node boundaries provide secured, fault tolerant and and location independent communication among the tasks
Software Structure• Except of the basic operating system, all functions of
the satellite are implemented by dedicated tasks that have unified interfaces to the busses of the software back-plane.
• I/O manager tasks and the up-link and down-link managers provide location transparent access to the I/O devices.
• I/O manager tasks also handle the problems of replicated tasks and physical I/O interfaces: Inputs are accessible by all nodes, only the I/O manager task of the active nodes will drive the physical output lines. All nodes can read-back the output lines.
• Highly modular and configurable design by simply plugging software components in and out of the back plane.
Software Structure• Satellite control tasks access the operating
functions directly via the dedicated software busses.• A Java Virtual Machine (JVM) provides an
encapsulated execution environment for user specific applications.
• The vital control functions of the satellite are protected from the user applications and are scheduled with higher priority than the task implementing the JVM.
• Applications can be dynamically loaded and executed based on Java ‘applet’ or ‘servlet’ mechanisms.
• Java2 provides internet based communication services (including security), and hardware independence of the applications.
Software Structure• To implement fault tolerance, mission critical tasks
are replicated and executed in different nodes to allow for voting or monitoring of actions.
• Tasks with high performance requirements can be executed on several nodes by means of parallel processing.
• To handle the dynamically changing mission requirements for performance, memory space, and dependability it is possible to switch nodes on and off and redistribute the control and applications tasks.
• Unification of the different computing functions of a satellite into a single highly redundant system allows for a close cooperation between the different tasks and optimizes the flexible utilization of the redundant computing resources.
Top Related